This server-side request forgery (SSRF) flaw in React applications allows attackers to execute arbitrary shell commands, potentially leading to full remote code execution (RCE) on affected servers.
Security researchers and penetration testers can now identify these zero-day risks during routine scans, strengthening defenses against a vulnerability chain that has already surfaced in production environments.
ActiveScan++ builds on Burp Suite’s active and passive scanning by adding low-overhead checks for advanced application behaviors. It detects subtle issues that evade standard scanners, such as host header manipulations, including password reset poisoning, cache poisoning, and DNS rebinding attacks.
A significant addition is the coverage for high-profile CVEs, now including React2Shell along with well-known vulnerabilities like Shellshock and Log4Shell. Testers now benefit from Unicode bypass detection, triggered passive scans during fuzzing, and HTTP basic authentication insertion points.
| CVE ID | Vulnerability | CVSS v3.1 Score | Affected Component |
|---|---|---|---|
| CVE-2025-55182 | React2Shell SSRF-to-RCE | 9.8 (Critical) | React server endpoints |
| CVE-2025-66478 | React2Shell SSRF-to-RCE | 9.1 (Critical) | React routing handlers |
| CVE-2021-44228 | Log4Shell | 10.0 (Critical) | Log4j libraries |
| CVE-2014-6271 | Shellshock (Bash) | 9.8 (Critical) | Bash shells |
Integration is seamless: launch a standard Burp active scan, and ActiveScan++ runs all checks automatically. Results appear in the scan dashboard, categorized by severity. Caution is advised when performing host header tests on shared hosting, as they may redirect to unintended apps.
This update arrives amid rising SSRF exploits in React ecosystems, urging devs to patch via input sanitization and request whitelisting. Download ActiveScan++ from the BApp Store for immediate use.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Burp Suite’s Scanning Arsenal Powered With Detection for Critical React2Shell Vulnerabilities appeared first on Cyber Security News.
As part of its one day "Deal of the Day" special, Best Buy is offering…
We've seen the Alien and Predator franchises cross over numerous times across various media, but…
Check out this brand new deal on a high-capacity, high-output power bank with a huge…
It takes more than a single speaker to reproduce an entire soundstage. That's where Sonos'…
Two upcoming poetry Sangha events aim to engage participants in mindfulness meditation and spiritually-grounded personal…
North Korea has been running one of the most quietly effective cyber fraud operations in…
This website uses cookies.