Chinese Hackers Exploiting React2Shell Vulnerability
AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek.
Threat actors have apparently started exploiting the newly disclosed React vulnerability tracked as React2Shell and CVE-2025-55182.
The critical vulnerability can be exploited using specially crafted HTTP requests for unauthenticated remote code execution on affected servers. It was reported to React maintainer Meta on November 29 by researcher Lachlan Davidson, and it was patched on December 3.
React2Shell may impact many systems considering that React, an open source JavaScript library designed for creating application user interfaces, powers millions of websites and its associated NPM package has millions of weekly downloads. Cloud security giant Wiz reported that 39% of cloud environments contain vulnerable React instances.
Source: https://www.securityweek.com/chinese-hackers-exploiting-react2shell-vulnerability/
Related breach coverage
- Exploitation of React2Shell Surges2025-12-08
An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. The post Exploitation of React2Shell Surges appeared first on SecurityWeek.
- React2Shell Attacks Linked to North Korean Hackers2025-12-09
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT. The post React2Shell Attacks Linked to North Korean Hackers appeared first on SecurityWeek.
- Critical React2Shell flaw actively exploited in China-linked attacks2025-12-05
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. [...]
- APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability2026-01-28
Russian and Chinese state-sponsored threat actors have been exploiting CVE-2025-8088 since July 2025. The post APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability appeared first on SecurityWeek.