Note: Before we dive in, Check Point CloudGuard WAF customers were proactively protected and not affected by React2Shell. In early December 2025, the team behind React—the most widely used technology powering today’s websites and digital services—announced a critical security flaw in one of its new server features. Researchers call this bug React2Shell, and it’s rated CVSS 10.0 — the highest severity! It’s rated critical because it can let a stranger run code on your server without needing to log in or do anything. They only need to send a special request. No password. No account. No user interaction. Just […]
The post What is “React2Shell” (CVE-2025-55182) – in Plain English – and Why Check Point CloudGuard WAF Customers Carried on with Their Day appeared first on Check Point Blog.
Read the original article: