Chinese Nation-State Groups Tied to 'React2Shell' Targeting
bankinfosecurity
Validated, Weaponized Exploit Code for Widely Used Web Framework Bug Now Public
Mathew J. Schwartz (euroinfosec) • December 5, 2025

Warnings intensified over a critical vulnerability in the widely used web application framework React following the public release of a weaponized exploit for the flaw.
Tracked as CVE-2025-55182, the "React2Shell" vulnerability affects all versions of the Meta-developed open-source React framework since version 19, released in November 2024. All frameworks that use the affected packages, including the file-system-based App Router in the Next.js framework versions 15.x and 16.x, are vulnerable (see: Breach Roundup: React Flaw Incites Supply Chain Risk).
Hackers already appear to be exploiting the flaw, which allows full remote code execution. Amazon Web Services warned that "within hours" of the flaw's public disclosure Wednesday, it "observed active exploitation attempts by multiple ...
Copyright of this story solely belongs to bankinfosecurity.

