Bugcrowd Security Flash: CVE-2025-55182 (React2Shell) UPDATE

Dec 10, 2025
21:34

On December 3, 2025, the React Team disclosed a critical RCE vulnerability (CVE-2025-55182) affecting React Server Components in modern Next.js deployments. In this Bugcrowd Security Flash, Casey Ellis and Matt Held outline what we've learned about this vulnerability since last week. They dig into the hardware exploitation element of it and also look at the AI-assisted exploitation side. Is "VibeCrime" the reason why this is moving faster than Log4Shell? Check out the video to hear our take.
