By Carly Page
Publication Date: 2025-12-18 11:42:00
Microsoft says attackers have already compromised “several hundred machines across a diverse set of organizations” via the React2Shell flaw, using the access to execute code, deploy malware, and, in some cases, deliver ransomware.
In a blog post this week, Redmond said attackers are actively exploiting CVE-2025-55182, better known as React2Shell, a critical flaw in React Server Components that can be abused to run arbitrary code on vulnerable servers.
According to Microsoft’s threat intelligence team, exploitation has already spread well beyond the proof-of-concept stage, with hundreds of compromised systems confirmed across multiple sectors and regions.
The company said attackers are abusing the flaw to run arbitrary commands, drop malware, and pivot deeper into victim environments, often blending the activity into legitimate-looking application traffic.
