Chinese Hackers Exploiting React2Shell Vulnerability
securityweek
Threat actors have apparently started exploiting the newly disclosed React vulnerability tracked as React2Shell and CVE-2025-55182.
The critical vulnerability can be exploited using specially crafted HTTP requests for unauthenticated remote code execution on affected servers. It was reported to React maintainer Meta on November 29 by researcher Lachlan Davidson, and it was patched on December 3.
React2Shell may impact many systems, considering that React, an open source JavaScript library designed for creating application user interfaces, powers millions of websites, and its associated NPM package has millions of weekly downloads. Cloud security giant Wiz reported that 39% of cloud environments contain vulnerable React instances.
Davidson has set up a dedicated React2Shell website, but has not made public the technical details of the vulnerability. However, threat actors and researchers have been reverse-engineering the patches.
Several proof-of-concept (PoC) exploits were made public shortly after React2Shell’s disclosure, but they turned out to be ...

