- A critical vulnerability, CVE-2025-55182, in React Server Components is actively exploited by various threat actors.
- The flaw allows remote code execution on affected servers without authentication.
- Attackers have deployed Malware, backdoors, and cryptocurrency mining software in ongoing attacks.
- Many crypto platforms using React and Next.js are at immediate risk of asset theft through compromised front-end code.
React Server Components contain a critical security flaw disclosed on December 3, 2025, leading to active exploitation by multiple cybercriminal groups. Tracked as CVE-2025-55182 and nicknamed React2Shell, this vulnerability enables attackers to execute arbitrary code remotely on unpatched servers without needing authentication.
The issue affects React versions 19.0 through 19.2.0, including packages integrated by popular frameworks like Next.js. Attackers exploit how React decodes requests sent to server-side components. By crafting malicious requests, attackers gain full control over the targeted servers.
The Google Threat Intelligence Group (GTIG) documented several campaigns leveraging this flaw to install malware, establish backdoors, and run crypto-mining software such as Monero miners. These miners use victim server resources stealthily to generate illicit revenue while degrading performance.
Many cryptocurrency platforms rely heavily on JavaScript frameworks like React and Next.js for user wallet interactions, transaction signing, and permit approvals. A compromised site could allow attackers to inject malicious scripts that intercept wallet activities or redirect transactions to attacker-controlled wallets—despite the security of the blockchain itself.
This vulnerability poses acute dangers to users who sign transactions through browser-based wallets. Immediate patching and protective measures are critical to prevent widespread damage to websites and their users’ assets. More information about the vulnerability and its impact is available in the official blog post by React on their website, linked as a critical vulnerability.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- PayPal files to form Utah industrial bank for crypto, loans
- Ford to Take $19.5 Billion Hit as It Scales Back Electric Vehicles
- Crypto Market Correction: $527M Liquidations Amid Rising AI Debt Risks
- PayPal Applies to Launch Its First U.S. Bank for Small Business
- Crypto Stocks Dive as Market Liquidations Hit BTC, ETH, Solana
