Security Update: Rocket.Chat Not Affected by “react2shell” (CVE-2025-55182)

gabriel.casals · December 9, 2025, 1:36pm

Security Update: Rocket.Chat Not Affected by “react2shell” (CVE-2025-55182)CVE-2025-55182, also known as “react2shell,” impacts applications that rely on React Server Components (RSC).
The issue allows malicious input to be executed on the server through improperly handled RSC payloads.

Rocket.Chat is not affected.
Rocket.Chat does not use React Server Components anywhere in our platform, and therefore the attack vector exploited in “react2shell” simply does not apply to our architecture.

As always, our Security and Engineering teams continuously monitor upstream advisories, validate potential impacts on our stack, and ensure we remain compliant with best practices in secure development.

Stay safe and keep communicating securely,
Rocket.Chat

Topic		Replies	Views
CVE-2022-32211 Questions Community Support	3	598	July 5, 2022
76 critical 125 major and 6 minor vulnerabilities Community Support	15	3195	January 20, 2019
Rocket.Chat Security and Versioning Guidelines Inquiry Community Support	1	43	December 13, 2024
New log4j vulnerability Community Support	5	936	December 14, 2021
Error in newest rocket chat Community Support	1	793	April 23, 2019

[Secure CommsOS™ Launch] Join our next Roadmap Reveal webinar to learn more Register now ->

Security Update: Rocket.Chat Not Affected by “react2shell” (CVE-2025-55182)

Related topics