State-Linked Groups Exploit Critical Flaw in React Server Components

Rapid Exploitation by State-linked Groups

Researchers recently identified serious vulnerabilities in Meta’s React Server Components and Next.js. Specifically, they revealed a threat linked to the China-nexus groups Earth Lamia and Jackpot Panda. These groups began targeting a flaw, known as CVE-2025-55182, shortly after it was made public. Within hours of the disclosure, they attempted to exploit this critical issue, indicating a level of urgency and sophistication in their tactics.

The vulnerability, dubbed React2Shell, allows attackers to execute arbitrary code. This risk arises from unsafe handling of incoming payloads at React Server Function endpoints. As a result, threats to nearly 970,000 servers running these frameworks intensify. Additionally, security entities have observed opportunistic attempts to exploit this flaw, which has already made its way into various botnet kits, like Mirai.

The Call for Immediate Action

Given the widespread usage of React and Next.js, the implications are significant. This vulnerability can permit malicious payloads to execute with the same reliability as trustworthy code. Therefore, developers must prioritize securing their systems. Meta promptly issued a patch following its discovery and strongly advised users to apply updates without delay.

As we enhance our digital landscape, understanding these vulnerabilities becomes crucial. This situation serves as a reminder of the ongoing battle between cybersecurity and adversaries. React and Next.js play vital roles in modern development, but that popularity also makes them attractive targets. The tech community must remain vigilant and proactive to safeguard applications today and in the future.