Hackers exploit React2Shell in automated credential theft campaign
Summary
A large-scale, automated campaign is underway to steal credentials by exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js applications. This vulnerability allows attackers to gain unauthorized access to sensitive user data.
IFF Assessment
Exploiting a known vulnerability to steal credentials is a direct threat to users and organizations and empowers attackers.
Severity
The CVSS score is estimated based on the likely impact of credential theft from Next.js applications, which often handle sensitive user information; stolen credentials can lead to further system compromise. The attack vector is likely network-based, and the campaign exploits a known vulnerability.
Defender Context
Defenders should prioritize patching or updating Next.js applications to mitigate the React2Shell vulnerability. Monitoring for indicators of compromise related to credential theft and unauthorized access attempts is crucial during active exploitation campaigns.