
Nine-Month RondoDox Botnet Campaign Exploits Critical React2Shell Vulnerability
Cybersecurity researchers at CloudSEK have uncovered a persistent campaign targeting Internet of Things (IoT) devices and web applications in order to enlist them in the RondoDox botnet. Active for approximately nine months, the campaign has been exploiting the critical React2Shell vulnerability (CVE-2025-55182, CVSS score: 10.0) as an initial access vector since December 2025. The vulnerability lets attackers compromise affected devices and servers and recruit them into the botnet; the use of a flaw with a maximum CVSS score underscores the severity of the threat.

Botnets like RondoDox are networks of compromised devices that can be put to a range of malicious uses, including distributed denial-of-service (DDoS) attacks, data theft, and further propagation of malware. The exploitation of IoT devices is particularly concerning because such devices often have limited security controls and are ubiquitous in both consumer and industrial environments.

The prolonged nature of the campaign suggests that the attackers were able to evade detection for an extended period, which highlights the need for continuous monitoring and timely patching. The reliance on a critical vulnerability like React2Shell reinforces the importance of keeping systems up to date and maintaining robust security controls.

For cybersecurity professionals, this campaign is a reminder of the importance of vulnerability management and of comprehensive security strategies that include regular updates, network segmentation, and intrusion detection. Organizations should prioritize patching known vulnerabilities, particularly those with high CVSS scores, and monitor their networks for signs of botnet activity.
In conclusion, the RondoDox botnet campaign exploiting the React2Shell vulnerability is a stark reminder of the ongoing threats posed by botnets and the importance of proactive cybersecurity measures.