CVE-2025-55182 “React2Shell” vulnerability exploited almost immediately post-disclosure

Security researchers have reported that within hours of the public disclosure of CVE-2025-55182 — a critical remote-code-execution flaw in the popular React web framework — threat actors, including Chinese-linked groups, began exploiting it.

The flaw enables unauthenticated attackers to run arbitrary code on affected servers, posing grave risks to web applications worldwide.

Cybersecurity experts are now urging rapid patching and enhanced monitoring of web-facing applications, as this incident underscores how quickly vulnerabilities can be weaponized.