Over 77,000 IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), and attackers have already compromised over 30 organizations. Widespread exploitation involves Chinese threat actors using PowerShell and malware such as Snowlight and Vshell to access and control affected systems. #React2Shell #CVE-2025-55182 #ChineseThreatActors
Key points
- Over 77,000 IP addresses are vulnerable to the React2Shell flaw affecting React Server Components.
- Attackers rapidly exploited the vulnerability to compromise organizations using automated scanning tools.
- Some attacks are linked to Chinese state-sponsored groups deploying malware such as Snowlight and Vshell.
- Organizations are urged to update React, rebuild applications, and monitor logs for suspicious activity.
- Cloudflare and CISA have issued mitigations and mandates for patching due to the severity of the threat.