
"Attackers have upped the ante in their exploits of a recently disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Financially motivated attackers have found a way to use the flaw, dubbed React2Shell (CVE-2025-55182), to execute arbitrary code on vulnerable servers through a single malicious HTTP request. This allows them to quickly and easily gain access to a corporate network and deploy ransomware, according to researchers at cybersecurity company S-RM and the Microsoft Defender Security Research Team."
"Attackers initially exploited the vulnerability to introduce backdoor malware and crypto miners; this new method represents an escalation, and experts say it reveals a fundamental security flaw in front end development. 'For too long, we've treated front end development as low end, low risk work,' said David Shipley of Beauceron Security. 'This is to the front end of applications what Log4j was to the back end, a massive opportunity for attackers.'"
React2Shell (CVE-2025-55182) is a validation failure in the Flight protocol used by React Server Components, Next.js, and related frameworks. It permits unauthenticated remote code execution through a single malicious HTTP request. Attackers have used it to install backdoors and crypto miners and, more recently, to deploy ransomware, turning an exposed web front end into a fast route into the corporate network. The flaw carries a maximum CVSS score of 10 because it is easy to exploit, requires no authentication, is broadly exposed on internet-facing servers, and lends itself to automated mass exploitation. The ubiquity of React-based deployments across organizations amplifies the impact and exposes a fundamental security gap in front-end development.
#react2shell-cve-2025-55182 #react-server-components-rsc #pre-auth-remote-code-execution #flight-protocol-validation-failure
Read at InfoWorld