Links
A serious vulnerability in React, identified as CVE-2025-55182, allows remote code execution by unauthenticated attackers. It affects multiple versions of React and related frameworks like Next.js, prompting security firms to issue patches and warnings of imminent exploitation.
The article details the rapid exploitation attempts against the React2Shell vulnerability (CVE-2025-55182) that followed its disclosure on December 3, 2025. Threat actors quickly used various tools to scan for and exploit vulnerable React Server Components across multiple regions, targeting significant organizations and critical infrastructure. It also mentions two other related vulnerabilities and Cloudflare's response to mitigate these risks.
The React2Shell vulnerability allows unauthenticated remote code execution in React Server Components, posing a significant risk for affected applications. Organizations using vulnerable versions must patch immediately to prevent exploitation. Runtime detection and WAF rules can offer temporary protection, but fixing the code is essential.