Exploitation of React2Shell Surges
securityweek
An increasing number of threat actors have been attempting to exploit the critical vulnerability found recently in React, the popular open source library for creating application user interfaces.
The vulnerability, dubbed React2Shell and officially tracked as CVE-2025-55182, can be exploited for unauthenticated remote code execution using specially crafted HTTP requests. The flaw impacts systems that use React version 19, specifically instances that leverage React Server Components (RSC).
The existence of the vulnerability came to light on December 3, when patches were released by React maintainer Meta, which learned about the issue on November 29 from researcher Lachlan Davidson.
In addition to React itself, CVE-2025-55182 impacts other frameworks that rely on it, including Next.js, Waku, React Router, and RedwoodSDK.
React instances impacted by CVE-2025-55182
React is widely used. It powers millions of websites, it’s used by popular online services such as Airbnb and Netflix, and its core NPM package ...
Copyright of this story solely belongs to securityweek.

