BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CISA Adds Critical React2Shell RCE Vulnerability to KEV List

Critical React2Shell RCE Vulnerability CVE-2025-55182 Exploits React Server Components, Affecting Millions of Services and Popular Frameworks, with Active Chinese Hacking Group Attacks

  • A critical remote code execution vulnerability, CVE-2025-55182, impacts React Server Components, allowing unauthenticated attackers to execute arbitrary commands.
  • The flaw, known as React2Shell, is due to insecure deserialization in React’s Flight protocol used for server-client communication.
  • Multiple software libraries and frameworks including Next.js, React Router, Waku, Parcel, Vite, and RedwoodSDK are affected.
  • Attackers, linked to Chinese Hacking groups, have been observed exploiting this vulnerability to deploy cryptocurrency miners and other payloads.
  • Over 2 million internet-facing services may be vulnerable, prompting urgent updates by users and Federal agencies by December 26, 2025.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a severe remote code execution vulnerability, CVE-2025-55182, to its Known Exploited Vulnerabilities catalog on December 5, 2025. This flaw affects React Server Components (RSC) and permits unauthenticated attackers to execute arbitrary commands by exploiting a payload decoding weakness in React Server Function endpoints. The vulnerability carries a maximum CVSS score of 10.0 and is also referred to as React2Shell.

- Advertisement -

The root cause is insecure deserialization in the Flight protocol, the mechanism React employs for communication between servers and clients. An attacker can trigger this vulnerability by sending specially crafted HTTP requests without authentication. This issue is present in versions of the react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack libraries prior to versions 19.0.1, 19.1.2, and 19.2.1 respectively. Several dependent frameworks, including Next.js, React Router, Waku, Parcel, Vite, and RedwoodSDK, are also affected.

Reports from Amazon indicate that attacks originating from infrastructure associated with Chinese hacking groups such as Earth Lamia and Jackpot Panda began within hours after the vulnerability was publicly disclosed. Multiple cybersecurity organizations, including Coalition, Fastly, GreyNoise, VulnCheck, and Wiz, have detected active exploitation attempts. The attacks often involve deploying cryptocurrency miners and executing PowerShell commands to confirm successful exploitation, followed by downloading additional malicious payloads.

Data from attack surface management platform Censys identifies about 2.15 million internet-facing services potentially vulnerable. These include exposed web services running React Server Components and associated vulnerable frameworks. The cybersecurity team from Palo Alto Networks Unit 42 confirmed that over 30 organizations across various industries have been targeted. One attacker group matched their profile of the Chinese-linked UNC5174, using tools like SNOWLIGHT and VShell during operations.

Security researcher Lachlan Davidson, credited with discovering the vulnerability, has shared multiple proof-of-concept exploits publicly. Another verified proof-of-concept was published by the researcher maple3142 on GitHub. Federal Civilian Executive Branch agencies are required to apply patches before December 26, 2025, under Binding Operational Directive 22-01 to mitigate risks associated with this vulnerability.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

MoonPay’s MoonAgents AI assistant now on Telegram

MoonPay launched support for its AI crypto assistant, MoonAgents, on the Telegram messaging platform...

GoPro founder loans $20M to save sinking company

GoPro founder and CEO Nicholas Woodman is extending $20 million in financing to the...

Sony Bank gains US approval to launch dollar stablecoins

Sony Bank received preliminary approval from the OCC to establish a US trust bank...

RoguePlanet Microsoft Defender Flaw Patched After Month Delay

Microsoft patched a Defender privilege escalation flaw called RoguePlanet, tracked as CVE-2026-50656, nearly a...

AVAX Surges 5.6% After Grayscale Shoutout, Outperforms BTC

Avalanche (AVAX) surged 5.6% in the daily charts and 2.7% over 14 days, outperforming...

Must Read

8 Best Crypto Debit Cards For Spending Your Digital Tokens

What are | How we chose | Best crypto debit cards | Binance Card? | FAQ | Final WordsCrypto debit cards have transformed how...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading