#cve_2025_55182 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cve_2025_55182, aggregated by home.social.
-
CVE-2025-55182 to attack Russian companies
#CVE_2025_55182 #RustoBot
https://bi-zone.medium.com/adversaries-exploit-cve-2025-55182-to-attack-russian-companies-1b4e98ca5804
-
Analyzing React2Shell Threat Actors
#CVE_2025_55182 #RondoDox
https://www.f5.com/labs/articles/analyzing-react2shell-threat-actors
-
I had a chance last week to chat with Benjamin Read of #Wiz. Last month, Read and other members of his team published a deep dive into the #React2Shell (CVE-2025-55182) vulnerability, and I was curious to see what has been hitting my honeypot, so I took a closer look. This is doing some weird stuff, friends.
As is normally the case with exploits targeting internet-facing devices, once the exploit becomes known, it ends up in the automated scanners used by threat actors and security researchers. What I've seen over the past week is a combination of both.
In just a few hours of operation, I identified a small number of source IP addresses exploiting React2Shell by pointing the vulnerable system at URLs hosting BASH scripts. These scripts are really familiar to anyone who routinely looks at honeypot data - they contain a series of commands that pull down and execute malicious payloads.
And as I've seen in the past, some of these payloads use racially inflammatory language in their malware. It's weird and gross, but unfortunately, really common.
But while most of these payloads were "the usual suspects" - remote shells, cryptocurrency miners - there was one payload that stuck out.
It's an exploit file, based on this proof-of-concept [https://github.com/iotwar/FIVEM-POC/blob/main/fivem-poc.py] designed to DDoS a modded server running "FiveM," a popular version of the game Grand Theft Auto V.
Let that one sink in: among the earliest adopters of a brand new exploit are...people trying to mess with other people's online game servers.
I've long said that exploits like these are the canaries in the datacenter coal mine. After all, if an attacker can force your server to run a cryptominer (or a game DDoS tool), they can force it to run far more malicious code.
I guess someone, or a group of someones, just want to ruin everyone's good time, no matter how or what form that takes. And they'll do it in the most offensive way possible.
Anyway, patch your servers, please, if only to stick it to these people who want to be the reason we can't have nice things.
#PoC #exploit #CVE_2025_55182 #DDoS #FiveM #REACT #Bash #cryptominer #malware
-
RondoDoX Botnet Weaponizes React2Shell
#RondoDox #CVE_2025_55182
https://www.cloudsek.com/blog/rondodox-botnet-weaponizes-react2shell
-
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)
#CVE_2025_55182 #MINOCAT #SNOWLIGHT #HISONIC #COMPOOD #EarthLamia #JACKPOTPANDA #UNC6600 #UNC6586 #UNC6588 #UNC6603 #UNC6595
https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182
-
React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182
#CVE_2025_55182
https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive
-
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
#JACKPOTPANDA #EarthLamia #CVE_2025_55182
https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
-
Critical Security Vulnerability in React Server Components
#CVE_2025_55182
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
-
📢 Critical RCE flaw (CVSS 10) in React Server Components (CVE-2025-55182) – urgent updates
📝 According to react.dev, a critical vulnerability allowing code execution...
📖 cyberveille: https://cyberveille.ch/posts/2025-12-04-faille-critique-rce-cvss-10-dans-react-server-components-cve-2025-55182-mises-a-jour-urgentes/
🌐 source: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
#CVE_2025_55182 #CVSS_10_0 #Cyberveille
-
A public service announcement regarding CVEs: one identified vulnerability gets one #CVE.
Each vendor doesn't get their own CVE that corresponds to their security bulletin.
CVE-2025-66478 is REJECTED as duplicate of CVE-2025-55182
-
There is an unauthenticated remote code execution vulnerability in React Server Components by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. This vulnerability is tracked as CVE-2025-55182.
Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.
The vulnerability is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of:
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack

Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: next, react-router, waku, @parcel/rsc, @vitejs/plugin-rsc, and rwsdk.
source: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components