Perceptive Security
SOC/SIEM Consultancy

New React RSC Vulnerabilities Enable DoS and Source Code Exposure
Published:
12 December 2025 at 08:55:00
Alert date:
12 December 2025 at 09:01:40
Source:
thehackernews.com
The React team has released fixes for two new classes of vulnerability in React Server Components (RSC) that can lead to denial-of-service (DoS) or source code exposure. The issues were found by the security community while probing the patches for CVE-2025-55182, a critical vulnerability with a CVSS score of 10.0 that is already being exploited in the wild. The new vulnerabilities are additional attack vectors against React Server Components infrastructure.
Technical details
The React2Shell vulnerability (CVE-2025-55182) affects the React Server Components (RSC) Flight protocol. The root cause is unsafe deserialization, which lets an attacker inject logic that the server then executes in a privileged context. A single specially crafted HTTP request suffices; no authentication, user interaction, or elevated permissions are needed. On success the attacker can execute arbitrary, privileged JavaScript on the affected server. Over 35,000 exploitation attempts were recorded on a single day (December 10, 2025); attackers first probed systems by running commands such as 'whoami' before dropping cryptocurrency miners or botnet malware.
Mitigation steps:
CISA has urged federal agencies to patch the React2Shell vulnerability by December 12, 2025 (deadline revised from December 26). Organizations should apply fixes immediately, monitor for exploitation attempts, and scan for vulnerable React and Next.js applications. Over 137,200 internet-exposed IP addresses are running vulnerable code as of December 11, 2025.
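The "scan for vulnerable React and Next.js applications" step starts with knowing which RSC packages are actually installed, including nested duplicate copies that a top-level `npm ls` glance can miss. The following script is an added example written for this advisory; it is not code from the React project or from the advisory's source. It reads an npm `package-lock.json` (lockfileVersion 2 or 3, which lists every installed package under `"packages"` keyed by its `node_modules` path), inventories the `react-server-dom-*` Flight bundles and `next`, and compares each version against a table of first-fixed versions per major.minor line. That table is an operator-supplied assumption: the `PLACEHOLDER_PATCHED` values below are constructed and must be replaced with the versions named in the vendor advisory for your installed lines. The embedded `SAMPLE_LOCK` is also constructed.

```python
"""Inventory RSC-related packages from an npm lockfile and flag unpatched copies.

Added example for this advisory (not the React project's code). Assumes an
npm package-lock.json with lockfileVersion 2 or 3. The patched-version table
is an assumption the operator fills in from the vendor advisory.
"""
import json
import re

# npm package names of the React Flight server/client bundles, plus Next.js.
RSC_PACKAGES = frozenset({
    "react-server-dom-webpack",
    "react-server-dom-parcel",
    "react-server-dom-turbopack",
    "next",
})

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_version(text):
    """Return (major, minor, patch, is_release) for comparison.

    A pre-release such as 19.2.1-canary-abc sorts below the 19.2.1 release
    (is_release False < True), so a canary build never counts as patched.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), pre is None)


def package_name(lock_path):
    """Map a lockfile key to its package name.

    'node_modules/a/node_modules/@s/b' -> '@s/b' (text after the last
    'node_modules/' segment, so nested copies resolve correctly).
    """
    _, sep, tail = lock_path.rpartition("node_modules/")
    return tail if sep else lock_path


def inventory(lock):
    """Every installed copy of an RSC-relevant package, nested duplicates included."""
    found = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        name = package_name(path)
        if name in RSC_PACKAGES and "version" in meta:
            found.append({"path": path, "name": name, "version": meta["version"]})
    return found


def assess(entries, patched):
    """Label each entry patched / vulnerable / unknown-line.

    patched: {package: {"MAJOR.MINOR": "first fixed version on that line"}}.
    A line missing from the table is reported as unknown-line rather than
    silently passed, so the operator sees what still needs a decision.
    """
    results = []
    for entry in entries:
        version = parse_version(entry["version"])
        line = f"{version[0]}.{version[1]}"
        fixed = patched.get(entry["name"], {}).get(line)
        if fixed is None:
            status = "unknown-line"
        elif version >= parse_version(fixed):
            status = "patched"
        else:
            status = "vulnerable"
        results.append({**entry, "status": status})
    return results


def scan_lockfile(path, patched):
    """Convenience wrapper for a real lockfile on disk."""
    with open(path, encoding="utf-8") as fh:
        return assess(inventory(json.load(fh)), patched)


# Constructed sample lockfile: one nested canary copy and one package whose
# major.minor line is absent from the placeholder table.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/react": {"version": "19.2.0"},
        "node_modules/react-server-dom-webpack": {"version": "19.2.0"},
        "node_modules/next": {"version": "15.5.1"},
        "node_modules/react-server-dom-parcel": {"version": "18.3.1"},
        "node_modules/some-lib/node_modules/react-server-dom-webpack": {
            "version": "19.1.2-canary-1a2b3c"
        },
    },
}

# ASSUMPTION / PLACEHOLDER: replace with the first fixed versions from the
# vendor advisory for each major.minor line you run.
PLACEHOLDER_PATCHED = {
    "react-server-dom-webpack": {"19.1": "19.1.2", "19.2": "19.2.1"},
    "next": {"15.5": "15.5.1"},
}

if __name__ == "__main__":
    for row in assess(inventory(SAMPLE_LOCK), PLACEHOLDER_PATCHED):
        print(f"{row['status']:13} {row['name']}@{row['version']}  ({row['path']})")
```

Run it against a real application with `scan_lockfile("package-lock.json", PATCHED)` after filling in the table; anything reported as `vulnerable` or `unknown-line` is a host to prioritise for patching and for log review.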
Affected products:
React Server Components (RSC)
Next.js
Waku
Vite
React Router
RedwoodSDK
Related links:
https://www.cisa.gov/news-events/alerts/2025/12/05/cisa-adds-one-known-exploited-vulnerability-catalog
https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html
https://blog.cloudflare.com/react2shell-rsc-vulnerabilities-exploitation-threat-brief/
https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html
https://thehackernews.com/2025/12/react2shell-exploitation-delivers.html
https://thehackernews.com/2025/12/threatsday-bulletin-spyware-alerts.html#botnets-exploit-react-flaw
https://thehackernews.com/2025/12/critical-react2shell-flaw-added-to-cisa.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-55182
https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive
https://securelist.com/cve-2025-55182-exploitation/118331/
https://theravenfile.com/2025/12/12/react2shell-exploitation-in-the-wild/
https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2025-55182%2B&dataset=unique_ips&limit=100&group_by=geo&stacking=stacked&auto_update=on
https://dashboard.shadowserver.org/statistics/combined/tree/?date_range=1&source=http_vulnerable&source=http_vulnerable6&tag=cve-2025-55182%2B&data_set=count&scale=log&auto_update=on
Related CVEs:
Related threat actors:
IOCs:
154.61.77[.]105:8082
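The indicator above is published defanged (`[.]` in place of `.`), so before it can be matched against logs it has to be refanged and split into address and port. The script below is an added example for this advisory, not code from its source; it refangs a list of `ip[:port]` indicators and runs them over egress or proxy connection logs. The log format is constructed for the example (one connection per line: timestamp, source IP, destination IP, destination port) and the sample lines are constructed; adapt `parse_line` to your own proxy or firewall export.

```python
"""Match defanged network IoCs against egress connection logs.

Added example for this advisory (not its source's code). The single
indicator used here is the one published in the advisory; the log lines
and their format (ts src_ip dst_ip dst_port) are constructed.
"""
import ipaddress
import re

# Indicator exactly as published in the advisory, still defanged.
ADVISORY_IOCS = ["154.61.77[.]105:8082"]

_DEFANG_RE = re.compile(r"\[\.\]|\(\.\)|\{\.\}")


def refang(indicator):
    """'154.61.77[.]105:8082' -> (IPv4Address('154.61.77.105'), 8082).

    Port is None when the indicator carries only an address. Raises
    ValueError for anything that is not a valid IPv4/IPv6 address, so a
    typo in an IoC list is caught before it silently matches nothing.
    """
    text = _DEFANG_RE.sub(".", indicator.strip())
    host, port = text, None
    if text.count(":") == 1:  # IPv4 with a port; bare IPv6 has several colons
        host, port_text = text.rsplit(":", 1)
        port = int(port_text)
    return ipaddress.ip_address(host), port


def parse_line(line):
    """Constructed format: '<ts> <src_ip> <dst_ip> <dst_port>'. None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return {
            "ts": parts[0],
            "src": ipaddress.ip_address(parts[1]),
            "dst": ipaddress.ip_address(parts[2]),
            "port": int(parts[3]),
        }
    except ValueError:
        return None


def find_matches(lines, indicators):
    """Return every parsed log record whose destination hits an indicator.

    An indicator with a port matches only that port; one without a port
    matches any connection to that address.
    """
    wanted = [refang(i) for i in indicators]
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for addr, port in wanted:
            if rec["dst"] == addr and (port is None or rec["port"] == port):
                hits.append(rec)
                break
    return hits


# Constructed sample: one true hit, one same-address/different-port
# connection (not a hit for a port-qualified IoC), one malformed line.
SAMPLE_LOG = [
    "2025-12-11T22:14:03Z 10.20.30.40 93.184.216.34 443",
    "2025-12-11T22:14:09Z 10.20.30.41 154.61.77.105 8082",
    "2025-12-11T22:14:11Z 10.20.30.41 154.61.77.105 443",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_LOG, ADVISORY_IOCS):
        print(f"{hit['ts']} {hit['src']} -> {hit['dst']}:{hit['port']}  MATCH")
```

A source host that appears in the hits is a candidate for the post-exploitation stage the advisory describes (command probing followed by miner or botnet payloads) and should be triaged alongside the lockfile inventory of what it is running.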
This article was created with the assistance of AI technology by Perceptive.
