CVE-2025-55182
Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. At least 766 hosts across various cloud providers and geographies have been compromised to collect database and AWS credentials, SSH private keys, API keys, cloud tokens, and environment secrets. The operation uses a framework named NEXUS Listener and […]
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google’s threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity “React2Shell” remote code execution vulnerability. Tracked as CVE-2025-55182, this actively exploited flaw affects the React open-source JavaScript library and allows unauthenticated attackers to execute arbitrary code in React and Next.js applications with a single HTTP request. While multiple […]
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. React2Shell is an unauthenticated remote code execution vulnerability that can be exploited via a single HTTP request and affects all frameworks that implement React […]
Critical React2Shell flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. React2Shell is an insecure deserialization vulnerability in the React Server Components (RSC) ‘Flight’ protocol. Exploiting it does not require authentication and allows remote execution of JavaScript code in the server’s context. For the Next.js framework, […]
Critical React, Next.js flaw lets hackers execute code on servers
A maximum severity vulnerability, dubbed ‘React2Shell’, in the React Server Components (RSC) ‘Flight’ protocol allows remote code execution without authentication in React and Next.js applications. The security issue stems from insecure deserialization. It received a severity score of 10/10 and has been assigned the identifiers CVE-2025-55182 for React and CVE-2025-66478 (CVE rejected in the National Vulnerability Database) for Next.js. Security researcher Lachlan Davidson discovered […]