It didn’t take long: CVE-2025-55182 is now under active exploitation
Essential information
- Published
- 11/12/2025 15:16
- Modified
- 21/12/2025 19:01
- Tags
- 2025-12-11 CVE-2025-55182 botnet crypto-miner exploitation gafgyt honeypot mirai react server components react4shell rondodox vulnerability xmrig
- Related entities
- 1 vulnerabilities (cve), 46 observables, 14 techniques (mitre), 4 malware, 2 others
Description
A critical vulnerability (CVE-2025-55182) affecting React Server Components has been actively exploited since its disclosure on December 4, 2025. The flaw, dubbed React4Shell, allows attackers to execute commands and manipulate files on vulnerable web applications. Kaspersky honeypots detected a surge in exploitation attempts, with attackers deploying various malware, including crypto miners and the RondoDox botnet. The vulnerability affects multiple React-related packages and bundles. Threat actors are leveraging this exploit to steal credentials, compromise cloud infrastructures, and potentially launch supply chain attacks. Immediate patching and implementation of security measures are strongly recommended to mitigate risks associated with this high-severity vulnerability.