Nation-State and Cybercrime Exploits Tied to React2Shell

2 More Vulnerabilities Need Patching in React Server Components, Warns Vercel Mathew J. Schwartz (euroinfosec) • December 15, 2025

Mass exploitation of the React2Shell vulnerability is underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals, experts warn.

See Also: Top 10 Technical Predictions for 2025

Tracked as CVE-2025-55182, the vulnerability affects all versions of the Meta-developed open-source React framework since version 19, released in November 2024.

Following the public release of a patch on Dec. 3, threat intelligence firm Huntress said attacks targeting React2Shell appeared to surge on Dec. 8, including against the construction and entertainment sectors.

Threat intel firm GreyNoise observed 669 different, unique IP addresses attempting to exploit React2Shell on Sunday alone. The firm has tracked about 2,300 different IP addresses mounting attacks, of which 70% only appeared on or after Dec. 4, the same day ...