This article describes FortiWeb and FortoAppSec protection for CVE-2025-55182.
On December 3, 2025, the React and Next.js teams disclosed a critical CVSS 10.0 security flaw, tracked as React2Shell (CVE-2025-55182), which impacts applications using React Server Components in combination with Server Actions or Server Functions.
The issue arises from insufficient validation of untrusted client input in specific server-side React functionality, allowing an unauthenticated attacker to send crafted requests that can trigger unintended behavior on the server.
If exploited, this bug enables remote code execution without any prior authentication and poses a serious risk to many modern React and Next.js deployments that rely on these server capabilities.
Scope
FortiWeb, FortiAppSec, CVE-2025-55182.
Solution
FortiWeb: FortiWeb had already signatures protecting CVE-2025-55182 exploits; however, upon disclosure, additional exploit variations emerged that required additional protection. On December 4th, the FortiGuard research team released new signatures addressing newly released exploit variations. Users leveraging Fortinet's Standard signature set are automatically protected.
FortiAppSec: A new signature was also immediately deployed to FortiAppSec for all Users. Users leveraging FortiAppSec's Known Attack protection module are immediately protected.
