React2Shell RCE flaw exploited by Chinese hackers hours after disclosure
techradar.com
- Critical React2Shell flaw now exploited in the wild by China-linked groups
- AWS reports global targeting of finance, logistics, retail, IT, universities, and governments for persistence and espionage
- Attackers also abuse NUUO Camera bug; urgent patching is advised
Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC) that was discovered late last week. To make matters worse, the crooks observed abusing the bug seem to be working for the Chinese government.
Late last week, the React team published a security advisory detailing a pre-authentication bug in multiple versions of multiple packs, affecting RCS. The versions that are affected include 19.0, 19.1.0, 19.1.1, and 19.2.0, react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug, now dubbed 'React2Shell', is tracked as CVE-2025-55182, and is given a severity score of 10/10 (critical).
Given that React is one of the ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE