Following the public release of information regarding CVE-2025-55182 (React2Shell) on December 3, 2025, exploitation attempts were detected in a very short timeframe. Amazon’s threat intelligence team reports that several China-linked APT groups, including Earth Lamia and Jackpot Panda, have already begun targeting the flaw. The vulnerability impacts React Server Components, carrying a CVSS score of 10.0 (critical) and affects React 19.x as well as Next.js 15.x / 16.x setups using the App Router. The issue does not impact AWS-managed services, but the information is shared to ensure organizations using self-hosted React/Next.js environments respond quickly.
China-based state groups remain highly active in leveraging newly disclosed vulnerabilities, often operationalizing exploits only hours after publication. Using the HAKIRA01 AI Agent, our analysts observed both familiar actors and new threat clusters attempting to weaponize CVE-2025-55182 against our clients' assets.
AWS customers relying on managed solutions are currently safe, but those running their own React/Next.js applications on EC2, containers, or similar environments must patch and update immediately to mitigate risk.
CVE-2025-55182 (React2Shell) Explained
Threat groups are actively leveraging both mass-scanning frameworks and manual PoC-based exploitation attempts. Some automated tools observed in the wild even use methods like rotating user-agents to evade basic detection rules. Their activity isn’t limited to CVE-2025-55182 — Amazon analysts also recorded exploitation attempts targeting other recently disclosed N-days, such as CVE-2025-1338, indicating that attackers track new vulnerabilities closely, integrate exploits into their toolsets extremely fast, and run parallel campaigns across multiple CVEs to increase their success rate.
Public PoCs: volume over reliability
An interesting takeaway from ongoing monitoring is that a large number of attackers are using publicly available PoCs that are either incomplete or entirely ineffective. Community researchers on GitHub noted several recurring issues, such as:
- Demo applications used in some PoCs explicitly enable hazardous modules (fs, child_process, vm) within the server manifest — something that real production deployments should never expose.
- A number of repositories showcase "exploits" which remain vulnerable even on patched versions, highlighting misunderstanding of the root flaw.
Despite their flaws, these PoCs are still widely used by adversaries, showing several behavioral traits:
- Speed beats precision - actors weaponize PoCs rapidly instead of validating them.
- Spray-and-pray strategy - mass scanning with multiple PoCs increases the chance of finding improperly configured targets.
- Lower entry threshold - even inexperienced operators can join campaigns simply by copying public code.
- Noise as a side effect - failed attempts flood logs, potentially masking quieter, more effective exploitation efforts.
Attackers are persistent and iterative
Data from MadPot sensors highlight how determined some clusters are. One unattributed group, linked to IP 183[.]6.80.214, repeatedly tested exploitation paths for nearly an hour - from 02:30:17 to 03:22:48 UTC on December 4, 2025 - issuing 116 requests, rotating payloads, attempting OS command execution (whoami, id), trying to write files to /tmp/pwned.txt, and reading sensitive paths like /etc/passwd.
This illustrates that the activity is not purely automated scanning; adversaries are actively debugging, adapting, and refining exploit chains in real time when initial attempts fail.
CVE-2025-55182 was originally identified by Lachlan Davidson and privately shared with the React team on November 29, 2025. The flaw affects React Server Components and stems from insecure deserialization behavior, earning it the nickname React2Shell within the security community.
How HAKIRA01 AI Agent Quickly Responds to CVE-2025-55182 and Reduces Time-to-Mitigation
The disclosure of CVE-2025-55182 showed how rapidly threat actors weaponize newly released exploits - often within hours. This is exactly where HAKIRA01 AI Agent provides a tangible defensive advantage. Once the vulnerability was publicly documented, HAKIRA01 automatically ingested CVE metadata, PoC activity, exploit discussions, and threat-intel signals from public feeds. The agent mapped impacted components (React Server Components in React 19.x and Next.js 15/16 with App Router), generated signatures for detection, and highlighted urgent remediation steps.
While adversaries were actively scanning and debugging exploits, HAKIRA01 was already:
- Flagging vulnerable assets inside client environments
- Recommending immediate patch paths and version upgrades
- Generating WAF/DPI rules to block next-action / rsc-action-id exploit requests
- Preparing log-based detection queries for SOC teams
- Alerting engineers to unusual file writes or spawned processes
By automating intelligence gathering and response actions, the agent compresses what normally takes security teams hours or days into minutes. This rapid cycle means organizations relying on HAKIRA01 can patch and deploy defensive controls before exploitation attempts start spreading widely - reducing attack surface dramatically and avoiding incident escalation.
In short, while public PoCs flooded GitHub and threat actors began scanning, HAKIRA01 was already transforming the CVE into actionable defense steps - helping our clients stay ahead instead of reacting afterward.
Summary of the vulnerability
- Severity: CVSS 10.0 - highest possible rating
- Impact: Remote code execution without authentication
- Scope: React 19.x and Next.js 15.x / 16.x projects using App Router
- Notable detail: Applications remain exposed as long as RSC functionality is enabled, even if server functions aren’t explicitly used
The issue was shared responsibly with Meta and key cloud vendors (including AWS) by Vercel ahead of public release, allowing them to prepare mitigations and security controls in advance.
Who is actively exploiting the vulnerability?
Data captured through AWS MadPot sensors points to ongoing exploitation attempts tied to infrastructure historically linked with China-based state-sponsored activity. Precise attribution remains difficult due to heavy use of shared anonymization networks, but several clusters stand out:
- Earth Lamia-linked infrastructure: Known for leveraging web vulnerabilities in campaigns across Latin America, Middle East, Southeast Asia, often focusing on finance, logistics, retail, IT, universities, and government sectors.
- Jackpot Panda-linked infrastructure: Primarily focuses on East and Southeast Asian targets, likely pursuing intelligence related to internal security and corruption topics.
- Shared anonymization ecosystems: Chinese operators frequently rely on large anonymization networks for scanning, exploitation, and C2 activities. These resources are often used jointly by multiple groups, complicating direct attribution.
Beyond these actors, numerous unattributed clusters display behavioral signatures consistent with Chinese operational tactics. A noticeable portion of related ASNs are tied to Chinese networks, reinforcing that most hostile activity originates from this region. The near-immediate adoption of public PoCs highlights a familiar trend: As soon as exploit code appears online, advanced groups move fast to weaponize it.
Urgent mitigation steps
- Patch and update all affected React/Next.js deployments to fixed versions.
- Apply the temporary WAF custom rule as an additional protective layer until full patching is completed.
- Audit web and application logs for anomalies that may indicate exploitation attempts.
- Pay special attention to POST requests containing next-action or rsc-action-id headers.
- Investigate unusual system behavior on hosts serving React applications. Unfamiliar processes or altered files may be signs of compromise.
Organizations running fully managed AWS services are not impacted and do not need to take any action.
Potential signs of intrusion
Network-level indicators
- POST traffic to endpoints featuring next-action or rsc-action-id headers
- Requests containing "status":"resolved_model" within the body
- Payloads with $@ syntax
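The network-level indicators above can be turned into a log triage script. The following is an added example written for this article, not code from Amazon, HAKIRA01 or the React project; it assumes a JSON-lines access log with ts, src, method, path, headers and body fields (a constructed format, so adapt parse_log() to what your proxy actually emits). The key design point is that a next-action header on its own is normal Next.js server-action traffic, so it only adds weight; the "status":"resolved_model" body marker and the $@ reference syntax are what push a request over the threshold.

```python
import json
import re
from collections import Counter

# Constructed sample access log as JSON lines. The field names are an
# assumption for this example, not a format the article specifies.
SAMPLE_LOG = r'''
{"ts":"2025-12-04T02:30:17Z","src":"198.51.100.7","method":"POST","path":"/","headers":{"Next-Action":"a1b2c3","content-type":"text/plain"},"body":"[{\"$@0\":\"x\"},{\"status\":\"resolved_model\"}]"}
{"ts":"2025-12-04T02:30:19Z","src":"203.0.113.5","method":"POST","path":"/dashboard","headers":{"next-action":"7f8e9d","content-type":"text/plain"},"body":"[\"hello\"]"}
{"ts":"2025-12-04T02:30:21Z","src":"192.0.2.9","method":"GET","path":"/","headers":{},"body":""}
{"ts":"2025-12-04T02:30:25Z","src":"198.51.100.7","method":"POST","path":"/api/x","headers":{"rsc-action-id":"zz","content-type":"text/plain"},"body":"{\"status\" : \"resolved_model\"}"}
'''

# Indicators from the article. The header alone is NOT evidence: every
# legitimate Next.js server action sends next-action, so it only adds weight.
RSC_HEADERS = ("next-action", "rsc-action-id")
RESOLVED_MODEL = re.compile(r'"status"\s*:\s*"resolved_model"')
DOLLAR_AT = "$@"
WEIGHTS = {"rsc_header": 1, "resolved_model": 3, "dollar_at": 2}


def parse_log(text):
    """Parse JSON-lines access log text into a list of request dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        # Normalise header names so matching is case-insensitive.
        rec["headers"] = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        records.append(rec)
    return records


def score_request(rec):
    """Return (score, reasons) for one request record."""
    score, reasons = 0, []
    if rec.get("method") == "POST":
        present = [h for h in RSC_HEADERS if h in rec["headers"]]
        if present:
            score += WEIGHTS["rsc_header"]
            reasons.append("POST with RSC action header: " + ", ".join(present))
    body = rec.get("body", "") or ""
    if RESOLVED_MODEL.search(body):
        score += WEIGHTS["resolved_model"]
        reasons.append('body contains "status":"resolved_model"')
    if DOLLAR_AT in body:
        score += WEIGHTS["dollar_at"]
        reasons.append("body contains $@ reference syntax")
    return score, reasons


def find_suspicious(text, threshold=3):
    """Return records whose indicator score reaches the threshold."""
    hits = []
    for rec in parse_log(text):
        score, reasons = score_request(rec)
        if score >= threshold:
            hits.append({"ts": rec["ts"], "src": rec["src"], "path": rec["path"],
                         "score": score, "reasons": reasons})
    return hits


def hits_by_source(hits):
    """Count hits per source IP. One IP with many hits in a short window matches
    the persistent, iterative probing the article describes."""
    return Counter(h["src"] for h in hits)


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['src']} {h['path']} score={h['score']} :: {'; '.join(h['reasons'])}")
    print("per-source:", dict(hits_by_source(found)))
```

With the constructed sample, the two requests from 198.51.100.7 are flagged (scores 6 and 4) while the ordinary server action from 203.0.113.5 stays below the threshold. Tune the weights against a baseline of your own legitimate RSC traffic before wiring this into an alerting pipeline.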
Host-level indicators
- Execution of reconnaissance commands such as whoami, id, uname
- Attempts to access /etc/passwd
- Suspicious file creation inside /tmp/ (e.g., pwned.txt)
- Unexpected child processes originating from the Node.js/React runtime
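The host-level indicators can be checked the same way against process and file-access telemetry. This is an added example for this article, not code from Amazon, HAKIRA01 or the React project; it assumes a constructed JSON-lines event schema (type, pid, ppid, comm, parent_comm, argv, path, flags) since auditd, eBPF tracers and EDR agents each emit their own format. The point worth noting is process ancestry: a command run as node -> sh -> whoami must still be attributed to the Node runtime, while the same whoami typed by an administrator in an SSH session should not fire.

```python
import json

# Constructed process and file-access events as JSON lines. The schema is an
# assumption for this example; map your own telemetry onto it.
SAMPLE_EVENTS = r'''
{"ts":"2025-12-04T02:31:02Z","type":"exec","pid":4102,"ppid":3100,"comm":"sh","parent_comm":"node","argv":["sh","-c","whoami"]}
{"ts":"2025-12-04T02:31:02Z","type":"exec","pid":4103,"ppid":4102,"comm":"whoami","parent_comm":"sh","argv":["whoami"]}
{"ts":"2025-12-04T02:31:05Z","type":"open","pid":3100,"comm":"node","path":"/tmp/pwned.txt","flags":"O_WRONLY|O_CREAT"}
{"ts":"2025-12-04T02:31:08Z","type":"open","pid":3100,"comm":"node","path":"/etc/passwd","flags":"O_RDONLY"}
{"ts":"2025-12-04T02:31:09Z","type":"open","pid":3100,"comm":"node","path":"/app/.next/server/app/page.js","flags":"O_RDONLY"}
{"ts":"2025-12-04T02:40:00Z","type":"exec","pid":5000,"ppid":2200,"comm":"whoami","parent_comm":"bash","argv":["whoami"]}
'''

# Process names the React/Next.js runtime runs under. Add any custom process
# title your deployment sets (assumption: plain "node" here).
RUNTIME_COMMS = {"node"}
RECON_COMMANDS = {"whoami", "id", "uname"}  # host-level indicators from the article
SHELLS = {"sh", "bash", "dash"}
SENSITIVE_READS = {"/etc/passwd"}
TMP_PREFIX = "/tmp/"
WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_CREAT")


def detect_host_indicators(text):
    """Walk events in order and return (ts, finding, detail) tuples for activity
    descending from the Node runtime. Descent is tracked by pid so a command run
    through an intermediate shell is still attributed to node."""
    runtime_pids = set()
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        from_runtime = (ev.get("comm") in RUNTIME_COMMS
                        or ev.get("parent_comm") in RUNTIME_COMMS
                        or ev.get("ppid") in runtime_pids
                        or ev.get("pid") in runtime_pids)
        if not from_runtime:
            continue  # e.g. an administrator running whoami from an SSH shell
        runtime_pids.add(ev["pid"])
        if ev["type"] == "exec":
            argv = " ".join(ev.get("argv", []))
            if ev["comm"] in SHELLS:
                findings.append((ev["ts"], "shell spawned from Node runtime", argv))
            elif ev["comm"] in RECON_COMMANDS:
                findings.append((ev["ts"], "reconnaissance command from Node runtime", argv))
        elif ev["type"] == "open":
            path, flags = ev["path"], ev.get("flags", "")
            if path.startswith(TMP_PREFIX) and any(f in flags for f in WRITE_FLAGS):
                findings.append((ev["ts"], "file written under /tmp by Node runtime", path))
            elif path in SENSITIVE_READS:
                # Corroborating signal only: some libraries read /etc/passwd legitimately.
                findings.append((ev["ts"], "sensitive file read by Node runtime", path))
    return findings


if __name__ == "__main__":
    for ts, what, detail in detect_host_indicators(SAMPLE_EVENTS):
        print(f"{ts} {what}: {detail}")
```

On the constructed events this yields four findings (the shell, the whoami it ran, the /tmp/pwned.txt write and the /etc/passwd read) and correctly ignores both the normal read of a compiled page bundle and the administrator's whoami. Baseline which child processes your application legitimately spawns (build tooling, image optimisers) before treating any exec from node as an alert.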