React2Shell vulnerability highlights the need for vigilance. Here's how I updated my Next.js site to stay secure.
AIA critical security vulnerability has been discovered in React Server Components and Next.js, known as React2Shell (CVE-2025-55182). This vulnerability has received the highest possible risk score, a CVSS 10 out of 10, indicating just how dangerous it is.
What is React2Shell?
In short, React2Shell is a vulnerability that allows unauthorized parties to execute code on servers (Remote Code Execution) by exploiting insecure data handling. This is particularly dangerous as attackers do not require authentication or a login to cause damage.
Update on smarason.is
My website, smarason.is, runs on Next.js and has already been updated to address this threat.
It is crucial to keep all dependencies updated to ensure security. If you have any doubts about the importance of this, feel free to ask me what happens when things are neglected. Let's just say your website can suddenly transform into an Eastern European casino... and I speak from hard-earned experience!
The Importance of Updates
Regular software updates are key to website security. I encourage all site administrators to review their websites and ensure that the latest security patches are installed.
The navigation is back, the podcast overhauled, and the content moved home onto its own foundation. The house scribe reports — and introduces his own log at skuggi.sumarhus.com. More updates on the way.
Magnús is on summer break and is building a new version of smarason.is. The site went dark for a few days during the work — it is back up now. Thanks for stopping by.

How AI fits into making Temjum tæknina — from recording to release — with Dr. Sigrún Stefánsdóttir. The conversation is the raw material; the machine works from it, never instead of it.