Chinese Hacker Groups Exploit Critical React Server Components Vulnerability Within Hours of Disclosure

The cybersecurity community is on high alert as two Chinese hacker groups have been observed exploiting a critical vulnerability in React Server Components (RSC). The vulnerability, tracked as CVE-2025-55182 and dubbed React2Shell, has a CVSS score of 10.0, indicating maximum severity. It allows for unauthenticated remote code execution, posing a significant threat to systems using vulnerable versions of React. The vulnerability has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1. React Server Components are a feature that allows components to be rendered on the server, improving performance but also introducing new attack surfaces. The rapid exploitation of this vulnerability by state-sponsored actors underscores the critical importance of prompt patch management. Organizations using React Server Components should prioritize updating to the patched versions immediately to mitigate the risk of compromise. Additionally, implementing robust monitoring and detection mechanisms can help identify potential exploitation attempts. This incident serves as a stark reminder of the ongoing threat posed by advanced persistent threat (APT) groups and the necessity for vigilant cybersecurity practices. Given the severity of the vulnerability and the active exploitation in the wild, cybersecurity professionals must take immediate action to protect their systems.