RondoDox Botnet is Using React2Shell to Hijack Thousands of Unpatched Devices

RondoDox hackers exploit the React2Shell flaw in Next.js to target 90,000+ devices, including routers, smart cameras, and small business websites.

If you have a smart camera at home or a small website for your business, you could be helping hackers without even knowing it, as cyber criminals are breaking into thousands of everyday devices using the RondoDox botnet. They are building a botnet, which is basically a giant army of hijacked computers that they control from far away.

According to a report from CloudSEK, these attackers are now exploiting a critical flaw called React2Shell (CVE-2025-55182). This flaw is found in Next.js, a popular tool used to build websites. It is very dangerous because it lets hackers take over a computer or server without needing a password.

A Calculated Three-Step Takeover

Right after this security flaw was discovered in December 2025, the RondoDox group began hunting for victims ...