According to Google Threat Intelligence Group, CVE-2025-55182 in React Server Components is being actively exploited, endangering thousands of sites including crypto platforms through remote code execution.
Multiple threat groups are exploiting CVE-2025-55182, dubbed React2Shell, a critical remote code execution flaw in React Server Components versions 19.0 through 19.2.0, affecting frameworks such as Next.js. Disclosed on December 3, 2025, the vulnerability allows unauthenticated attackers to execute arbitrary commands on servers running vulnerable packages. The Google Threat Intelligence Group has observed financially motivated and state-backed actors deploying malware, backdoors, and Monero mining software. Crypto platforms are particularly at risk, as attackers can inject scripts to intercept wallet interactions or redirect transactions, even without breaching blockchain protocols. This urgent threat underscores the need for immediate patching to protect server resources and user assets.