A critical vulnerability dubbed 'React2Shell' (CVE-2025-55182) in React Server Components is being actively exploited by Chinese threat actors. The flaw affects multiple versions and packages, allowing arbitrary code execution through crafted HTTP requests. Approximately 39% of scanned cloud environments contain vulnerable React instances, with exploitation attempts showing a near 100% success rate. The vulnerability impacts popular frameworks and libraries bundling react-server. Chinese state-sponsored groups, including Earth Lamia and Jackpot Panda, are reportedly involved in the attacks. Organizations are urged to identify vulnerable assets, apply patches immediately, and block malicious IP addresses associated with exploitation attempts.