Maximum severity React2Shell flaw exploited by North Korean hackers in malware attacks


  • React2Shell (CVE-2025-55182) critical flaw exploited by Chinese and North Korean groups
  • North Korea deploys EtherRAT implant with Ethereum C2, Linux persistence, and Node.js runtime
  • Researchers urge urgent updates to patched React versions 19.0.1, 19.1.2, and 19.2.1

The Chinese are not the only ones exploiting React2Shell, a maximum-severity vulnerability that was recently discovered in React Server Components (RSC).

Reports are coming in detailing North Korean state-sponsored threat actors doing the same. The only difference is that the North Koreans are using the flaw to deploy novel persistence malware.

Late last week, the React team published a security advisory detailing a pre-authentication bug in multiple versions of multiple packages, affecting RSC. The affected versions are 19.0, 19.1.0, 19.1.1, and 19.2.0 of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug, now dubbed 'React2Shell', is tracked ...
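To check a project against the versions listed above, the following added example (not code from the article or the React project) scans a parsed `package-lock.json` for affected installs and names the patched release to move to. It assumes a lockfile with a `packages` map (lockfileVersion 2 or 3) and that "19.0" means 19.0.0; `findAffected` and `SAMPLE_LOCK` are hypothetical names.

```javascript
// Added example: flag lockfile entries the article lists as affected by CVE-2025-55182.
// Package and version lists are taken from the article; "19.0" is assumed to mean 19.0.0.
const AFFECTED_PACKAGES = [
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
];
// Affected version -> patched release on the same minor line.
const FIXED_IN = new Map([
  ["19.0.0", "19.0.1"],
  ["19.1.0", "19.1.2"],
  ["19.1.1", "19.1.2"],
  ["19.2.0", "19.2.1"],
]);

// lock: the object from JSON.parse() of package-lock.json. Its "packages" map is keyed
// by install path, e.g. "node_modules/a/node_modules/react-server-dom-webpack".
function findAffected(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // The package name follows the last "node_modules/", which also covers nested copies.
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project entry ("")
    const name = path.slice(idx + "node_modules/".length);
    if (!AFFECTED_PACKAGES.includes(name)) continue;
    const version = String((meta && meta.version) || "");
    if (FIXED_IN.has(version)) {
      findings.push({ path, name, version, upgradeTo: FIXED_IN.get(version) });
    }
  }
  return findings;
}

// Constructed sample lockfile (not real project data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react-server-dom-webpack": { version: "19.1.1" },
    "node_modules/react-server-dom-parcel": { version: "19.2.1" },
    "node_modules/some-framework/node_modules/react-server-dom-turbopack": { version: "19.0.0" },
    "node_modules/react": { version: "19.2.0" },
  },
};

for (const f of findAffected(SAMPLE_LOCK)) {
  console.log(`${f.path}: ${f.name}@${f.version} is affected, upgrade to ${f.upgradeTo}`);
}
```

A lockfile check only sees packages the package manager installed; a copy bundled inside another package's build output is not listed and has to be covered by updating that package.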


Copyright of this story solely belongs to techradar.com.