React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ...

A critical security vulnerability, codenamed CVE-2025-55182, has just been disclosed, potentially directly affecting ...

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ...

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of ...

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ...

RCE flaw in React and Next.js is being actively exploited by China-nexus threat groups, prompting urgent patching and global mitigations.

Exploitation of React2Shell started almost immediately after disclosure. AWS reported that at least two known China-linked ...

CISA warns that attackers are actively exploiting the React2Shell CVE-2025-55182 flaw, urging fast patching across vulnerable ...

Security firms have seen cryptocurrency miners, Linux backdoors, botnet malware, and post-exploitation implants in ...

The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with ...

The React2Shell vulnerability enables remote code execution on systems using React or Next.js. This allows threat actors worldwide to exploit this "open door" to deliver various malicious payloads.

As exploitation activity against CVE-2025-55182, researchers are finding some exploits contain bypasses for Web application firewall (WAF) rules.