LONDON (IT BOLTWISE) – A recently discovered vulnerability in React Server Components, known as React2Shell, was exploited by Chinese hackers in record time. This vulnerability allows attackers to execute malicious code on servers, which can lead to data loss and system takeover. The hackers’ quick response shows the urgency with which developers and security teams must act to thwart such threats.
Today’s daily deals at Amazon! ˗ˋˏ$ˎˊ˗
In the dynamic world of cybersecurity, vulnerabilities can emerge and be exploited at an alarming rate. A recent example of this is the exploitation of the React2Shell vulnerability by Chinese hackers. This critical vulnerability in React Server Components was recently disclosed and has already been targeted by advanced threat actors from China. This highlights the enormous pressure on developers and security teams to patch systems before attackers strike.
The vulnerability, tracked as CVE-2025-55182, has the highest severity rating of 10.0 on the Common Vulnerability Scoring System. It affects versions of React used in server-side rendering, particularly in frameworks like Next.js. This configuration, intended to improve performance and security by keeping sensitive operations server-side, has ironically opened a door for remote code execution. Attackers can inject malicious payloads that execute arbitrary code on the server, potentially leading to data breaches, system takeovers, or further network infiltration.
The vulnerability was disclosed on December 3, 2025, and attempts to exploit it were already detected within a few hours. This illustrates how quickly zero-day vulnerabilities can go from theoretical risks to real threats. Security researchers have determined that the vulnerability relies on improper handling of certain data inputs in Reacts Server components, allowing unauthenticated attackers to bypass protections and execute code remotely.
The US Cybersecurity and Infrastructure Security Agency (CISA) quickly added the vulnerability to its catalog of known exploited vulnerabilities, signaling urgent action for federal agencies and beyond. According to reports from TechRadar, Chinese hackers began exploring and exploiting the vulnerability almost immediately after it was publicly disclosed. Threat intelligence teams at Amazon Web Services observed several China-nexus groups, including Earth Lamia and Jackpot Panda, launching attacks. These groups, considered government-sponsored, are known for quickly adapting to newly disclosed vulnerabilities, often using automated tools to scan and exploit internet-connected systems.
Order an Amazon credit card without an annual fee with a credit limit of 2,000 euros!
Bestseller No. 1 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 2 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 3 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 4 ᵃ⤻ᶻ «KI Gadgets»
Bestseller No. 5 ᵃ⤻ᶻ “KI Gadgets”
Please send any additions and information to the editorial team by email to de-info[at]it-boltwise.de. Since we cannot rule out AI hallucinations, which rarely occur with AI-generated news and content, we ask you to contact us via email and inform us in the event of false statements or misinformation. Please don’t forget to include the article headline in the email: “Chinese hackers are rapidly exploiting React vulnerability”.