Next.js 发布了一款名为 fix-react2shell-next 的专用命令行工具，帮助开发者快速检测并修复高危"React2Shell"漏洞（CVE-2025-66478）。这款新型扫描器提供单行命令解决方案，可识别存在漏洞的 Next.js 和 React Server Components（RSC）版本，并自动应用最新 Next.js 版本中包含的 ...

约一个月前，用于构建应用程序界面的React 19库曝出远程代码执行漏洞React2Shell。随着研究人员深入调查，该漏洞的严重性逐渐显现。该漏洞允许攻击者通过React Server Components（服务器组件）实现未授权远程代码执行，仅需构造特定请求即可在受影响服务器上执行 ...

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later.

Less than a week after its public disclosure, a maximum severity vulnerability known as React2Shell has been increasingly exploited by opportunistic threat actors. CVE-2025-55182 is a critical remote ...

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...

The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture ...

TORRANCE, Calif., Dec. 12, 2025 (GLOBE NEWSWIRE) -- In December 2025, the critical React Server Components (RSC) vulnerability known as React2Shell (CVE-2025-55182) was publicly disclosed, revealing a ...

A torrent of proof-of-concept (PoC) exploits for React2Shell has hit the internet following the vulnerability's disclosure last week, and while security researchers say most are fake, ineffective and ...

Security researchers at Sysdig have observed new campaigns exploiting React2Shell which appear to have the hallmarks of North Korean hackers. React2Shell is a remote code execution vulnerability in ...