Dark Reading

Exploitation Activity Ramps Up Against React2Shell

Less than a week after its public disclosure, a maximum severity vulnerability known as React2Shell has been increasingly exploited by opportunistic threat actors. CVE-2025-55182 is a critical remote ...
NextBigFuture

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple ...
Bleeping Computer

Latest CVE-2025-55182 news

Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. Over 77,000 ...
Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A critical vulnerability affecting the popular open source JavaScript library React is under attack — by none other by Chinese nation-state threat actors. CVE-2025-55182, which was disclosed Wednesday ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Infosecurity-magazine.com

React2Shell Under Active Exploitation by China-Nexus Hackers

Just days after the disclosure of the React2Shell critical vulnerability, tracked as CVE-2025-55182, threat actors are actively exploiting the flaw in the wild. The vulnerability carries a CVSS v3.1 ...