Google has identified multiple China-linked threat groups exploiting the React2Shell vulnerability (CVE-2025-55182) to deliver malware and conduct espionage activities. The widespread exploitation involves various malware strains and tactics across different cyber espionage campaigns. #React2Shell #CVE-2025-55182
Key points
- React2Shell (CVE-2025-55182) affects systems using React 19 and related frameworks like Next.js and RedwoodSDK.
- Several Chinese threat groups, including UNC6600 and UNC6586, are actively exploiting the vulnerability to deliver malware.
- Malware delivered through React2Shell includes Minocat, Snowlight, and backdoors like Hisonic and Compood.
- Exploitation began immediately after the vulnerability was disclosed on December 3, with growing activity from other China-linked threat actors.
- Additional React vulnerabilities with high and medium severity have been identified, posing further security risks.