Description
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization that allows an attacker to inject malicious logic that the server executes in a privileged context. It also affects other frameworks, including Next.js, Waku, Vite, Router, and RedwoodSDK. "A single, specially crafted HTTP request is sufficient; there is no authentication requirement, user interaction, or elevated permissions involved," Cloudforce One, Cloudflare's threat intelligence team, said. "Once successful, the attacker can execute arbitrary JavaScript on the affected server." Since its public disclosure 3, shortcoming...
https://thehackernews.com/2025/12/react2shell-exploitation-escalates-into.html