
"Maintained by Meta, React is an open source resource designed to enable developers to build user interfaces (UIs) for both native and web applications. The vulnerability in question, assigned CVE-2025-55182 and dubbed React2Shell by the cyber community, is a critically-scored pre-authentication RCE flaw in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of React Server Components that exploits a flaw in how they decode payloads sent to React Function Endpoints."
"This means that by crafting a malicious HTTP request to a Server Function endpoint, a threat actor could gain the ability to run arbitrary code on the target server. It was added to the US Cybersecurity and Infrastructure Security Agency's (CISA's) catalogue on Friday 5 December, and according to Amazon Web Services (AWS) CISO and vice president of security engineering, C.J. Moses, the chief culprits behind the rapid exploitation are thought to be China-nexus threat actors."
A critical pre-authentication remote code execution vulnerability, CVE-2025-55182 (React2Shell), affects React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. It stems from a flaw in how those versions decode payloads sent to Server Function endpoints: a maliciously crafted HTTP request to such an endpoint can lead to arbitrary code execution on the affected server, with no authentication required. Cloudflare deployed mitigations earlier, and the flaw was added to CISA's catalogue on 5 December. Amazon Web Services threat intelligence, drawing on honeypot telemetry, observed rapid, large-scale exploitation attempts, with China-nexus threat actors, including groups tracked as Earth Lamia and Jackpot Panda, operationalising public exploits and probing targets.
Read at ComputerWeekly.com