CSOonline

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture ...
Hosted on MSN

React2Shell exploitation continues to escalate, posing 'significant risk'

React2Shell (CVE‑2025‑55182) exploited to compromise hundreds of systems worldwide China‑linked groups and North Korea abuse flaw for persistence, espionage, and cryptomining Patch immediately to ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Attackers initially exploited ...
Bleeping Computer

Critical React2Shell flaw exploited in ransomware attacks

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later.
The Hacker News

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT ...
Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...
securityledger.com

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple ...
The Record

Federal agencies now only have one more day to patch React2Shell bug

The amount of time federal agencies have to patch the recent React2Shell vulnerability has decreased significantly. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-55182 — a ...
The Telegraph

Roxana's Sean Maberry sets 'example for what it means to be a Shell'

Roxana's Sean Maberry (23) takes the ball to the rim on a drive against Staunton's Lucas Dillon during a Hoopsgiving Classic game Nov. 25 at Milazzo Gym in Roxana. Roxana's Sean Maberry gets outside ...
bitnewsbot

React2Shell Exploited for Crypto Mining and Malware Attacks

React2Shell continues to see heavy use by cybercriminals exploiting a severe security vulnerability in React Server Components (RSC). As disclosed in recent reports from Huntress, threat actors use ...
The Hacker News

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of ...