Summary
This article addresses CVE-2025-55182 (commonly referred to as "React2Shell"), a critical Remote Code Execution (RCE) vulnerability affecting React Server Components, and confirms that Liquidware products are not affected by this vulnerability.
Vulnerability Details
CVE ID: CVE-2025-55182
CVSS Score: 10.0 (Critical)
Disclosure Date: December 3, 2025
Affected Technologies: React Server Components (React 19.x), Next.js (15.x and 16.x with App Router)
CVE-2025-55182 is an unsafe deserialization vulnerability in the React Flight protocol used by React Server Components. This vulnerability allows unauthenticated remote attackers to execute arbitrary code on servers running vulnerable versions of React or Next.js applications that utilize React Server Components.
Liquidware Product Impact
Liquidware products are NOT affected by CVE-2025-55182.
Liquidware does not use React Server Components, the React Flight protocol, or the react2shell framework in any of our products, including:
- ProfileUnity
- FlexApp
- Stratusphere
- All Liquidware management consoles and web interfaces
Our products are built using different technology stacks that are not impacted by this React-specific vulnerability.
Last Updated: December 9, 2025
Applies to: All Liquidware Products
Severity: Informational