A serious security flaw has been discovered in the React JavaScript library, leading to widespread disruption on the internet. Cloudflare has implemented measures to address the vulnerability, but reports indicate that multiple threat actors are now exploiting it on a large scale.
React, maintained by Meta, is a popular open source resource used for building user interfaces for various applications. The vulnerability, known as CVE-2025-55182 or React2Shell, affects versions 19.0.0 to 19.2.0 of React Server Components. It allows threat actors to execute arbitrary code on targeted servers by sending malicious HTTP requests to Server Function endpoints.
The Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its catalogue on December 5, with AWS pointing to China-based threat actors as the primary exploiters. Groups like Earth Lamia and Jackpot Panda have been observed taking advantage of React2Shell since its disclosure on December 3.
Radware researchers have warned of a massive attack surface, with over 950,000 servers running vulnerable frameworks like React and Next.js. These widely used frameworks are popular among developers for their efficiency and flexibility, making them prevalent in various applications.
Michael Bell, CEO of Suzu Labs, emphasized the increasing speed at which nation-state actors exploit vulnerabilities, highlighting the need for prompt action. He predicted a future where AI tools could generate exploit code within minutes of a vulnerability disclosure.
The recent Cloudflare outage underscores the severity of the situation, showing the urgent need for proactive security measures in the face of evolving cyber threats.
Massive attack
Radware’s research reveals the extensive reach of vulnerable frameworks like React and Next.js, posing a significant risk to modern web infrastructure. The widespread adoption of these frameworks makes them prime targets for exploitation, necessitating swift and widespread action to mitigate potential threats.
The rapid response of threat actors to vulnerability disclosures highlights the need for continuous vigilance and proactive security measures to protect against cyber attacks. As AI technology advances, the window of vulnerability between disclosure and exploitation is expected to shrink, emphasizing the importance of timely patching and security updates.
Overall, the React2Shell vulnerability serves as a stark reminder of the ever-present cybersecurity risks in today’s digital landscape, underscoring the need for robust security measures and proactive threat mitigation strategies.
