The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical React2Shell vulnerability (CVE-2025-55182) to its Known Exploited Vulnerabilities (KEV) catalog, highlighting active exploitation in the wild. Multiple threat actors, including Chinese hacking groups, are targeting affected React Server Components and frameworks such as Next.js and Vite.
Key points
- The CVE-2025-55182 vulnerability allows unauthenticated remote code execution through insecure deserialization in React Server Components.
- The flaw affects versions 19.0.1, 19.1.2, and 19.2.1 of several React server libraries and impacts downstream frameworks like Next.js and Vite.
- Attackers have been exploiting this vulnerability to deploy cryptocurrency miners and remote payload downloaders.
- Approximately 2.15 million internet-facing services using affected React components are potentially at risk.
- Security researchers and organizations urge immediate updates; FCEB agencies must patch by December 26, 2025.
Read More: https://thehackernews.com/2025/12/critical-react2shell-flaw-added-to-cisa.html