React2Shell RCE Flaw Exploited by Chinese Hackers Hours After Disclosure

React2Shell RCE flaw exploited by Chinese hackers hours after disclosure

Chinese hackers are taking advantage of the 10/10 bug reported late last week.

Cloudflare Forces Widespread Outage to Mitigate Exploitation of Maximum Severity Vulnerability in React2Shell

A critical React2Shell (CVE-2025-55182) RCE flaw in React and Next.js is being actively exploited by China-nexus threat groups, prompting urgent patching and global mitigations. The post Cloudflare Forces Widespread Outage to Mitigate Exploitation of Maximum Severity Vulnerability in React2Shell  appeared first on Security Boulevard.

Is React2Shell the new Log4Shell?

React Server Components contains a vulnerability that can be exploited on a large scale. To what extent is it similar to the infamous Log4Shell?

React2Shell: Rapid CVE-2025-55182 Exploitation Exposed

The vulnerability disclosure cycle has entered a new era, one where the gap between publication and weaponization is measured in minutes, not days. It has been confirmed that China-nexus threat actors began actively exploiting a critical React Server Components flaw, React2Shell, only hours after its public release.   The vulnerability, tracked as CVE-2025-55182, impacts React Server Components across React 19.x and Next.js 15.x/16.x deployments…

Critical React2Shell RCE Flaw Actively Exploited To Run Malicious Code - Cybernoz - Cybersecurity News

A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked as CVE-2025-55182 and dubbed “React2Shell,” affects React and downstream ecosystems, including the popular Next.js framework, prompting urgent calls for immediate patching. CVE ID Vulnerability CVSS Score Severity Affected P…

Critical Vulnerabilities Found in React Server Components and Next.js

Open in the wild flaw The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical security flaw affecting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog after exploitation in the wild. The flaw CVE-2025-55182 (CVSS score: 10.0) or React2Shell hints towards a remote code execution (RCE) that can be triggered by an illicit threat actor without needing any setup.  Remote code execution  Accord…