CISA has officially added the “React2Shell” vulnerability (CVE-2025-55182) to its Known Exploited Vulnerabilities (KEV) catalog. This critical RCE flaw in React Server Components is being actively exploited by Chinese state-sponsored groups (Earth Lamia, Jackpot Panda) and botnets. Over 2.15 million internet-facing services are potentially exposed.
Business Impact
This is a widespread emergency for any organization using modern web frameworks (Next.js, React). Unauthenticated attackers can execute arbitrary code on servers without any user interaction. The sheer scale of exposed services makes the affected population a prime target for automated ransomware and crypto-mining campaigns.
Why It Happened
The flaw involves insecure deserialization in the React Flight protocol. Attackers can send specially crafted payloads to Server Function endpoints to bypass security controls and execute commands.
Recommended Executive Action
Direct development teams to update React packages to version 19.0.1 or later immediately. Federal agencies have a strict deadline to patch (Dec 26), but private sector leaders should treat this as a 24-hour remediation window.
Hashtags: #React2Shell #CISA #KEV #Vulnerability #RCE #China #APT #AppSec #PatchNow #InfoSec
