Microsoft warns that attackers are actively exploiting the React2Shell vulnerability, CVE-2025-55182, to compromise hundreds of systems across various organizations. Attackers are using the flaw to execute code, deploy malware, and, in some instances, deliver ransomware. Exploitation has moved beyond the proof-of-concept stage, with confirmed breaches across multiple sectors and regions. Microsoft's findings suggest a rapid increase in exploitation attempts after public disclosure, leading to malware deployment on vulnerable systems.
Microsoft says attackers have already compromised "several hundred machines across a diverse set of organizations" via the React2Shell flaw, using the access to execute code, deploy malware, and, in some cases, deliver ransomware.
Redmond said attackers are actively exploiting CVE-2025-55182, better known as React2Shell, a critical flaw in React Server Components that can be abused to run arbitrary code on vulnerable servers. According to Microsoft's threat intelligence team, exploitation has already spread well beyond the proof-of-concept stage, with hundreds of compromised systems confirmed across multiple sectors and regions. The company said attackers are abusing the flaw to run arbitrary commands, drop malware, and pivot deeper into victim environments, often blending the activity into legitimate-looking application traffic., when researchers warned the React Server Components bug could be exploited to execute attacker-controlled code. The bug was quickly chained to other weaknesses and misconfigurations, with that probed exposed servers at scale. A separate wave of disclosures days later revealed additional "SecretLeak" bugs in React tooling, further rattling developers who had only just begun to understand the blast radius of React2Shell.
Microsoft's latest findings suggest exploitation attempts ramped up rapidly after public disclosure, with attackers using successful exploits to push malware – including memory-based downloaders and cryptominers – onto exposed JavaScript application backends.
Other threat intelligence teams are seeing the same thing on the ground. Security firm S-RM said it has already responded to a real-world intrusion in which React2Shell was used as the initial access vector to breach a corporate network and deploy ransomware.
"This is the first time S-RM has observed this vulnerability being used by financially motivated threat actors to facilitate a cyber extortion attack, and highlights an escalation in the known impact of this vulnerability compared to other public reporting, which has so far primarily documented instances of the vulnerability being used to introduce backdoor malware or cryptominers,"
"React2Shell continues to pop off by our count at GreyNoise Intelligence," Morris said. "We continue to stack a pretty hefty number of distinct malware payloads. Exploitation is still very high with the number of cumulative networks exploiting this vuln reaching all-time highs almost every single day since disclosure."
The scale reflects how widely React Server Components have been adopted. Designed to offload rendering work to the server to improve performance, the technology is now embedded in countless production apps, with one estimate suggesting that 39 percent of cloud environments are vulnerable to the React2Shell flaw.
The exact number of known React2Shell victims is not yet known, but Palo Alto Networks has confirmed that more than 50 organizations have so far been compromised. However, the true figure is likely much higher, as researchers warned last week that
For organizations still scrambling to respond, Microsoft urged teams to apply available patches, audit exposed React Server Component deployments, and monitor for signs of exploitation. With exploitation still surging and patching incomplete, React2Shell remains wide open for abuse.




