Yesterday, after various bogus AI slopped "PoC"s, eventually a functional PoC for the React RCE emerged:
https://github.com/msanft/CVE-2025-55182
We now have a PoC from the reporter of the vulnerability as well:
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc