Multiple China-linked threat actors are actively exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js applications. The max-severity flaw began being exploited just hours after its public disclosure. The vulnerability represents a critical security issue in widely-used JavaScript frameworks. Chinese threat groups quickly weaponized the vulnerability for attacks. The rapid exploitation timeline highlights the risk of zero-day disclosure without adequate patching time.