Miggo’s research team, led by Liad Eliyahu, has been investigating the Web Application Firewall (WAF) protections developed to defend against React2Shell, a remote code execution (RCE) vulnerability tracked as CVE-2025-55182. Their recent findings reveal multiple ways to bypass these protections across several prominent WAF vendors, which collectively secure a significant portion of internet traffic. The research highlights critical challenges in current WAF defenses against sophisticated RCE exploits like React2Shell. Detailed analysis of these bypass techniques can help organizations improve their security posture and WAF configurations to better protect against such threats.
Check out the original tweet here: https://twitter.com/MiggoSecurity/status/1999147168326967438