Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Chinese threat actors have rapidly weaponized CVE-2025-55182 (React2Shell) within hours of public disclosure. The critical vulnerability in React Server Components allows unauthenticated remote code execution with a CVSS score of 10.0. Two China-linked hacking groups are actively exploiting this flaw. Patches are available in React versions 19.0.1, 19.1.2, and 19.2.1. The vulnerability represents a significant threat due to the widespread use of React and the immediate exploitation by threat actors.