What is CVE-2025-55182?

Unauthenticated RCE in React Server Components. One request executes code server-side. Affects specific 19.x packages.

How do threat actors exploit React2Shell?

HTTP payloads trigger via vulnerable dom bundles. Leads to loaders, backdoors, miners. China-nexus heavy hitters involved.

How to fix React2Shell in Next.js?

Update react-server-dom-* beyond 19.2.0. Scan for exposures. Follow GTIG/Wiz guides.

🕳️ Vulnerabilities & CVEs

React2Shell Hits: Spies, Miners, and Chaos Exploit React's Gaping Flaw

React was supposed to be the web's shiny armor. Now? React2Shell (CVE-2025-55182) lets hackers run wild with one HTTP poke. Spies and scammers are feasting.

theAIcatchup Apr 08, 2026 3 min read

Digital hackers breaching React Server Components via React2Shell vulnerability

⚡ Key Takeaways

CVE-2025-55182 (React2Shell) enables unauth RCE in React Server Components, exploited by diverse actors including China-nexus spies. 𝕏
Impacts unpatched React/Next.js widely; payloads include MINOCAT, backdoors, and miners. 𝕏
Patch immediately — echoes Log4Shell risks for JS ecosystem. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#CVE-2025-55182 #China-nexus threats #RCE vulnerability #React Server Components #React2Shell

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Mandiant Blog

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

React2Shell: How a React Bug Turned 766 Servers into Credential Vaults

CISA Slaps Critical Fortinet Flaw into KEV: Patch Now or Pay Later

Apache ActiveMQ's 13-Year RCE Nightmare: Auth Bypass via Ancient Flaw Chain

UAT-10608's Automated Credential Grab: Next.js Apps Bleeding Secrets via React2Shell

Stay in the loop