Recent attacks exploit the React2Shell vulnerability (CVE-2025-55182) affecting Next.js servers, enabling remote code execution and botnet infections. The RondoDox botnet has actively targeted these vulnerable systems, deploying malicious payloads and establishing persistence across various architectures.
Key points
- The React2Shell vulnerability impacts systems using React 19 and related frameworks like Next.js.
- Exploitation began shortly after the public disclosure in December 2025, initially linked to Chinese threat groups.
- The RondoDox botnet has been involved in scanning, exploiting, and deploying malware on vulnerable servers and IoT devices.
- Operators use a variety of payloads, including miners and Mirai variants, to infect devices across multiple architectures.
- The attack involves credential theft, lateral movement, and persistent malware deployment for ongoing control.
Read More: https://www.securityweek.com/rondodox-botnet-exploiting-react2shell-vulnerability/