#react2shell-cve-2025-55182

Information security
from InfoWorld
2 weeks ago

React2Shell is the Log4j moment for front end development

A Flight protocol validation failure in React Server Components and Next.js (React2Shell, CVE-2025-55182) enables unauthenticated remote code execution and rapid ransomware deployment.
from BleepingComputer
3 weeks ago

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. Researchers at cloud security company Sysdig believe that the malware aligns with North Korea's tools used in Contagious Interview campaigns. They recovered EtherRAT from a compromised Next.js application just two days after the disclosure of the critical React2Shell vulnerability tracked as CVE-2025-55182.
Information security