Caitlin CondonReact2Shell beyond Next.js: Our team tested exploitability and analyzed exploit patterns for *other* frameworks vulnerable to CVE-2025-55182. Notes on the four other frameworks we exploited successfully are in this blog, but it's important to note that none of these is anywhere close to the viable attack surface area that Next.js apps presented.
In other words, in an alternate universe where Next.js apps weren't vulnerable by default, this probably would've been a nothing-burger after all. Unfortunately (gestures at everything).
What's Next: React2Shell Beyond Next.js | Blog | VulnCheck
VulnCheck's Initial Access Intelligence team analyzes React2Shell CVE-2025-55182 exploitability in frameworks that utilize the vulnerable components outside of Next.js alone, with emphasis on exploitation steps and potential fingerprinting paths.