Home / Companies / Cloudflare / Blog / Post Details
Content Deep Dive

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

Blog post from Cloudflare

Post Details
Company
Date Published
Author
Cloudforce One
Word Count
2,137
Company Posts That Month
14
Language
English
Hacker News Points
-
Post removed?
No
Summary

On December 3, 2025, the React Team disclosed a critical vulnerability, CVE-2025-55182, known as React2Shell, which affects servers using the React Server Components Flight protocol by allowing remote code execution through unsafe deserialization. This vulnerability quickly attracted exploitation attempts, especially from Asia-linked threat groups, using various tools for scanning and reconnaissance. In addition to React2Shell, two other related vulnerabilities, CVE-2025-55183 and CVE-2025-55184, were disclosed, both concerning React Server Component implementations. Cloudflare responded by deploying new Web Application Firewall (WAF) rules to protect against these vulnerabilities, but emphasized the importance of patching affected systems as the most reliable defense. The initial wave of exploitation involved systematic probing and leveraging public vulnerability intelligence and scanning tools, with a focus on high-value targets and strategic regions. Cloudflare's mitigation efforts included continuous monitoring and rule updates to adapt to evolving exploit tactics, highlighting the persistent threat posed by these vulnerabilities.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 2 1,206 193 82 -5%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.