
Burp Suite Update: Added Ability to Detect React2Shell Vulnerabilities
PortSwigger has updated the ActiveScan++ extension for Burp Suite so that it can now automatically detect two critical vulnerabilities in React applications, collectively known as React2Shell: CVE-2025-55182 and CVE-2025-66478.
These vulnerabilities allow an attacker to make the server issue requests on their behalf (server-side request forgery, SSRF). In the worst case, the attacker can execute arbitrary commands on the server, i.e. achieve remote code execution (RCE). This is a serious threat to the many services built on React and Next.js.
What is the React2Shell Vulnerability?
Due to improper handling of data in React Server Components (RSC) and certain routing functionalities, an attacker may:
- send forged requests to the server (SSRF),
- trigger unsafe deserialization of the data they send,
- and ultimately achieve command execution on the server.
These vulnerabilities are dangerous because they can occur even with default configurations.
What Does the ActiveScan++ Update Provide?
The new version introduces several improvements:
✔ Detection of React2Shell (CVE-2025-55182 / CVE-2025-66478)
The extension identifies signs of vulnerabilities in React server endpoints or Next.js routing handlers.
✔ Automation of Advanced Scans
In addition to Burp Suite’s standard active scanning, ActiveScan++ now checks for:
- host-header manipulation
- cache poisoning
- DNS rebinding
- password reset poisoning
- Unicode bypasses
- passive scanning triggered during fuzzing
These checks help detect subtle flaws that standard scanners often miss.
✔ Coverage of Well-Known CVEs
For example:
- CVE-2021-44228 — Log4Shell (CVSS 10.0)
- CVE-2014-6271 — Shellshock (CVSS 9.8)
Summary Table of Critical Vulnerabilities
| CVE ID | Description | CVSS Score | Affected Component |
|---|---|---|---|
| CVE-2025-55182 | React2Shell SSRF → RCE | 9.8 | React Server Endpoint |
| CVE-2025-66478 | React2Shell SSRF → RCE | 9.1 | React Routing Handler |
| CVE-2021-44228 | Log4Shell | 10.0 | Log4j |
| CVE-2014-6271 | Shellshock | 9.8 | Bash |
How to Use It
Install ActiveScan++ through the BApp Store, then:
- Launch a standard Active Scan in Burp Suite.
- The extension will automatically check for React2Shell and other vulnerabilities.
- Results will appear in the scan panel, categorized by severity.
Note: Host-header tests may cause redirection to other applications on shared hosting environments — run these tests with caution.
Recommendations for Reducing Risk
1) Update React/Next.js packages immediately
Apply patches as soon as they are released by development teams.
2) Restrict deserialization
Block deserialization of untrusted or raw data in server components.
3) Strengthen SSRF protection
- apply allow-listing of permitted outbound destinations
- enable egress filtering at the network layer
- restrict direct access from application servers to internal services
4) Monitor logs and network activity
Investigate suspicious requests or deserialization errors immediately.
5) Perform regular scanning
ActiveScan++ simplifies this process — using the updated version is strongly recommended.
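As an added example tied to recommendation 3 (this is not PortSwigger's code nor part of React or Next.js), the JavaScript guard below checks a server-side fetch target against a destination allow-list and refuses loopback, private and link-local addresses; `ALLOWED_HOSTS`, `checkOutboundUrl` and `safeFetch` are hypothetical names and the host names are constructed.

```javascript
const ALLOWED_HOSTS = new Set(["api.example.com", "cdn.example.com"]); // constructed allow-list (assumption)

// Returns true if an IPv4 literal falls in a loopback, private, link-local or
// unspecified range, i.e. something a server-side fetch should never target.
function isInternalIPv4(host) {
  const parts = host.split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) return false;
  const [a, b] = parts;
  return a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

// Minimal IPv6 handling for the forms WHATWG URL parsing produces (hostname keeps
// its brackets; IPv4-mapped addresses are serialised as hex groups, e.g. ::ffff:a00:1).
function isInternalIPv6(host) {
  const h = host.replace(/^\[|\]$/g, "").toLowerCase();
  if (h === "::1" || h === "::") return true;                      // loopback, unspecified
  if (/^f[cd][0-9a-f]{2}:/.test(h) || /^fe[89ab][0-9a-f]:/.test(h)) return true; // fc00::/7, fe80::/10
  const mapped = h.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (mapped) {                                                     // IPv4-mapped: reuse the IPv4 ranges
    const hi = parseInt(mapped[1], 16), lo = parseInt(mapped[2], 16);
    return isInternalIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return false;
}

// Decide whether a server component may fetch rawUrl. Returns { ok, reason }.
// Parsing with URL first means hex/octal/decimal IP encodings are normalised before the checks.
function checkOutboundUrl(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: "unparseable url" }; }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme not allowed" };
  if (url.username || url.password) return { ok: false, reason: "credentials in url" };
  const host = url.hostname;
  if (isInternalIPv4(host) || isInternalIPv6(host)) return { ok: false, reason: "internal address" };
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "internal address" };
  if (!allowedHosts.has(host)) return { ok: false, reason: "host not allow-listed" };
  // An allow-listed host can still resolve to an internal IP later (DNS rebinding),
  // which is why egress filtering at the network layer is listed as a separate control.
  return { ok: true, reason: "allowed" };
}

async function safeFetch(rawUrl, init) {                            // hypothetical wrapper name
  const verdict = checkOutboundUrl(rawUrl);
  if (!verdict.ok) throw new Error(`blocked outbound request: ${verdict.reason}`);
  return fetch(rawUrl, { ...init, redirect: "manual" });           // never follow redirects unchecked
}
```

Redirects are returned rather than followed so that a permitted host cannot bounce the server to a destination that would have failed the check.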
React2Shell vulnerabilities pose a significant threat to the React and Next.js ecosystem. The updated ActiveScan++ extension for Burp Suite provides an important tool for early detection and prevention of such attacks.