Cybersecurity

React2shell Flaw Exploited To Breach 30 Orgs, 77k Ip Addresses...

2025-12-06 0 views admin
React2shell Flaw Exploited To Breach 30 Orgs, 77k Ip Addresses...

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors.

React2Shell is an unauthenticated remote code execution vulnerability that can be exploited via a single HTTP request and affects all frameworks that implement React Server Components, including Next.js, which uses the same deserialization logic.

React disclosed the vulnerability on December 3, explaining that unsafe deserialization of client-controlled data inside React Server Components enables attackers to trigger remote, unauthenticated execution of arbitrary commands.

Developers are required to update React to the latest version, rebuild their applications, and then redeploy to fix the vulnerability.

On December 4, security researcher Maple3142 published a working proof-of-concept demonstrating remote command execution against unpatched servers. Soon after, scanning for the flaw accelerated as attackers and researchers began using the public exploit with automated tools.

Shadowserver Internet watchdog group now reports that it has detected 77,664 IP addresses vulnerable to the React2Shell flaw, with approximately 23,700 in the United States.

The researchers determined that IP addresses were vulnerable using a detection technique developed by Searchlight Cyber/Assetnote, where an HTTP request was sent to servers to exploit the flaw, and a specific response was checked to confirm whether a device was vulnerable.

GreyNoise also recorded 181 distinct IP addresses attempting to exploit the flaw over the past 24 hours, with most of the traffic appearing automated. The researchers say the scans are primarily originating from the Netherlands, China, the United States, Hong Kong, and a small number of other countries.

Palo Alto Networks reports that more than 30 organizations have already been compromised through the React2Shell flaw, with attackers exploiting the vulnerability to run commands, conduct reconnaissance, and attempt to steal AWS configuration and credential files.

These compromises include intrusions linked to known state-associated Chinese threat actors.

Source: BleepingComputer

🏷️ Tags

securitybreachvulnerabilitycveattack

More from Cybersecurity

Beware: Paypal Subscriptions Abused To Send Fake Purchase Emails

Beware: Paypal Subscriptions Abused To Send Fake Purchase Emails

2025-12-14 0
Cybervolk’s Ransomware Debut Stumbles On Cryptography Weakness

Cybervolk’s Ransomware Debut Stumbles On Cryptography Weakness

2025-12-13 0
Cisa Adds Actively Exploited Sierra Wireless Router Flaw Enabling...

Cisa Adds Actively Exploited Sierra Wireless Router Flaw Enabling...

2025-12-13 0
Apple Issues Security Updates After Two Webkit Flaws Found...

Apple Issues Security Updates After Two Webkit Flaws Found...

2025-12-13 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views