Exploit Attempts Surge for React2Shell

Patch Now, as Scans and Hack Attempts Happening 'at Scale,' Security Experts Warn Mathew J. Schwartz (euroinfosec) • December 8, 2025

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn.

See Also: Top 10 Technical Predictions for 2025

A security researcher late Thursday released a working, weaponized exploit for the pre-authentication remote code execution vulnerability that affects React Server Components, after which experts tracked a surge in scanning and targeting activity (see: Chinese Nation-State Groups Tied to 'React2Shell' Targeting).

React is used by an estimated two-fifths of the world's top 10,000 websites, including Airbnb, Meta, Netflix, Shopify and Uber. It's used in mission-critical enterprise applications and e-commerce platforms.

Tracked as CVE-2025-55182, the "React2Shell" vulnerability affects all versions of the Meta-developed open-source React framework since version 19 ...