Скачать или смотреть Critical React2Shell Vulnerability: What You Need to Know

In this video, we discuss the critical security flaw known as React2Shell, which has been added to the CISA Known Exploited Vulnerabilities catalog following confirmed active exploitation. This vulnerability, identified as CVE-2025-55182, poses a significant risk as it allows unauthenticated remote code execution through React Server Components. With a CVSS score of 10.0, the flaw stems from insecure deserialization in the library's Flight protocol, enabling attackers to execute arbitrary commands on affected servers.

What you’ll learn: We will break down the timeline of events surrounding the discovery of this vulnerability, the impact it has on various organizations and frameworks, and the necessary steps that must be taken for mitigation. We will also explore the nature of the attacks being executed and the broader implications for cybersecurity.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its KEV catalog on December 6, 2025, after reports indicated active exploitation in the wild. The vulnerability allows attackers to exploit a flaw in how React decodes payloads sent to React Server Function endpoints. This critical issue affects not only the React library itself but also downstream frameworks like Next.js and React Router.

Following the public disclosure of this flaw, Amazon reported attack attempts originating from Chinese hacking groups, indicating that multiple threat actors are actively exploiting this vulnerability. Security researchers have noted that the attacks range from deploying cryptocurrency miners to executing PowerShell commands to assess successful exploitation.

As of December 7, 2025, nearly 29,000 IP addresses were identified as vulnerable, with significant numbers located in the U.S., Germany, and China. Organizations across various sectors have been affected, with over 30 confirmed cases reported by Palo Alto Networks Unit 42.

To mitigate the risk, organizations are urged to update their instances to the latest versions of the affected libraries, which include react-server-dom-webpack and others. Federal agencies have until December 26, 2025, to apply these updates as mandated by Binding Operational Directive 22-01.

The exploitation of the React2Shell vulnerability highlights the importance of maintaining up-to-date software and monitoring for signs of compromise. As attacks continue to evolve, it is crucial for organizations to implement robust security measures and stay informed about emerging threats.

Stay tuned as we delve deeper into the specifics of this vulnerability, its implications for the cybersecurity landscape, and actionable steps for organizations to protect themselves from potential exploitation.