Exploitation of React2Shell Surges
An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. The post Exploitation of React2Shell Surges appeared first on SecurityWeek.
An increasing number of threat actors have been attempting to exploit the critical vulnerability found recently in React, the popular open source library for creating application user interfaces.
The vulnerability, dubbed React2Shell and officially tracked as CVE-2025-55182, can be exploited using specially crafted HTTP requests for unauthenticated remote code execution. The flaw impacts systems that use React version 19, specifically instances that leverage React Server Components (RSC).
The existence of the vulnerability came to light on December 3, when patches were released by React maintainer Meta, which learned about the issue on November 29 from researcher Lachlan Davidson.
Source: https://www.securityweek.com/exploitation-of-react2shell-surges/
Related breach coverage
- Chinese Hackers Exploiting React2Shell Vulnerability2025-12-05
AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek.
- React2Shell Attacks Linked to North Korean Hackers2025-12-09
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT. The post React2Shell Attacks Linked to North Korean Hackers appeared first on SecurityWeek.
- Cloudflare Outage Caused by React2Shell Mitigations2025-12-05
The critical React vulnerability has been exploited in the wild by Chinese and other threat actors. The post Cloudflare Outage Caused by React2Shell Mitigations appeared first on SecurityWeek.
- React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability2025-12-04
A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. The post React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability appeared first on SecurityWeek.