React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability
securityweek
The cybersecurity industry is on high alert following the disclosure of a critical React vulnerability that can be exploited by a remote, unauthenticated attacker for remote code execution.
React (React.js) is an open source JavaScript library designed for creating application user interfaces. Maintained by Meta and a large community of companies and individual developers from around the world, React is widely used: it reportedly powers millions of websites, it’s used by popular online services (Airbnb, Instagram, Netflix), and its core NPM package currently has 55 million weekly downloads.
In an advisory published on Wednesday, React developers informed users about the availability of patches for CVE-2025-55182, an unauthenticated remote code execution vulnerability that has been assigned a CVSS score of 10.
The security hole affects versions 19.0, 19.1.0, 19.1.1, and 19.2.0, and it has been patched with the release of versions 19 ...
Copyright of this story solely belongs to securityweek.

