CVE-2025-55182

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 17 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

84.49%

probability

This CVE has a 84.49% probability of being exploited in the next 30 days.

0% Top 99.3th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-502 · Deserialization of Untrusted Data CWE-664 · Improper Control of a Resource Through its Lifetime CWE-913 · Improper Control of Dynamically-Managed Code Resources

Exploits & PoC

assetnote/react2shell-scanner

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

2437

msanft/CVE-2025-55182

Explanation and full RCE PoC for CVE-2025-55182

1404

lachlan2k/React2Shell-CVE-2025-55182-original-poc

Original Proof-of-Concepts for React2Shell CVE-2025-55182

1039

ejpir/CVE-2025-55182-research

CVE-2025-55182 POC

796

mrknow001/RSC_Detector

Supports RSC fingerprinting and exploitation of the React component vulnerability CVE-2025-55182.

567

emredavut/CVE-2025-55182

RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extension – CVE-2025-55182 & CVE-2025-66478

311

zack0x01/CVE-2025-55182-advanced-scanner-

PoC CVE-2025-55182 — zack0x01/CVE-2025-55182-advanced-scanner-

276

ynsmroztas/NextRce

React Shell & Next.js RSC Exploit Tool (CVE-2025-55182)

246

alptexans/RSC-Detect-CVE-2025-55182

RSC Detect CVE 2025 55182

190

9 repos — triés par ⭐ Rechercher sur GitHub ↗

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

TheHackerNews Jan 29, 2026

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

TheHackerNews Feb 05, 2026

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

TheHackerNews Dec 16, 2025

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

TheHackerNews Dec 06, 2025

Hackers exploit React2Shell in automated credential theft campaign

BleepingComputer Apr 05, 2026

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

TheHackerNews Apr 02, 2026

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

TheHackerNews Feb 09, 2026

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

TheHackerNews Jan 05, 2026

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

TheHackerNews Jan 01, 2026

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

TheHackerNews Dec 12, 2025

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

TheHackerNews Dec 12, 2025

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

TheHackerNews Dec 10, 2025

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

TheHackerNews Dec 09, 2025

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

TheHackerNews Dec 05, 2025

[MàJ] Vulnérabilité dans React Server Components (05 décembre 2025)

CERT-FR Dec 05, 2025

Security Advisory 2025-041

CERT-EU Dec 04, 2025

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

TheHackerNews Dec 03, 2025

Signal Intelligence

Confidenceⓘ

92%

EPSS 84.49%

Mentions 17

Last Seen Apr 05, 2026

CNA Information

Analyst Note

CVE-2025-55182 is explicitly named in article [4] as added to CISA KEV following confirmed active exploitation in the wild. The critical RCE in React Server Components has been actively exploited post-publication (Dec 3, 2025), meeting zero-day criteria.

Threat Actors 73

Lazarus Group

apt_group Information theft and espionage 🇰🇵 KP

APT 29

apt_group Information theft and espionage 🇷🇺 RU

Mustang Panda

apt_group Information theft and espionage 🇨🇳 CN

APT27

apt_group Information theft and espionage 🇨🇳 CN

Cobalt

apt_group Financial crime 🇷🇺 RU

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Cron

apt_group 🇷🇺 RU

Kimsuky

apt_group Information theft and espionage 🇰🇷 KR

EMISSARY PANDA

apt_group Information theft and espionage 🇨🇳 CN

Hammer Panda

apt_group Information theft and espionage 🇨🇳 CN

CHRYSENE

apt_group Information theft and espionage 🇮🇷 IR

Vicious Panda

apt_group Information theft and espionage 🇨🇳 CN

Hacking Team

apt_group 🇮🇹 IT

Cleaver

apt_group Information theft and espionage 🇮🇷 IR

Watchdog

apt_group 🇨🇳 CN

Stone Panda

apt_group Information theft and espionage 🇨🇳 CN

Kinsing

apt_group 🇷🇺 RU

Tick

apt_group Information theft and espionage 🇨🇳 CN

Gamaredon Group

apt_group Information theft and espionage 🇷🇺 RU

Operation C-Major

apt_group Information theft and espionage 🇵🇰 PK

HAZY TIGER

apt_group Information theft and espionage 🇮🇳 IN

ELECTRUM

apt_group Information theft and espionage 🇷🇺 RU

Equation Group

apt_group Sabotage and destruction 🇺🇸 US

Infy

apt_group Information theft and espionage 🇮🇷 IR

Volt Typhoon

apt_group Information theft and espionage 🇨🇳 CN

Group 27

apt_group Information theft and espionage 🇨🇳 CN

BRONZE HIGHLAND

apt_group Information theft and espionage 🇨🇳 CN

Inception Framework

apt_group Information theft and espionage 🇷🇺 RU

ArcaneDoor

apt_group 🇨🇳 CN

Camaro Dragon

apt_group Information theft and espionage 🇨🇳 CN

TA428

apt_group Information theft and espionage 🇨🇳 CN

APT24

apt_group Information theft and espionage 🇨🇳 CN

FASTCash

apt_group Information theft and espionage 🇰🇵 KP

Earth Lamia

apt_group Information theft and espionage 🇨🇳 CN

UNC1549

apt_group Information theft and espionage 🇮🇷 IR

UNC5174

apt_group 🇨🇳 CN

Inception

apt_group Information theft and espionage 🇷🇺 RU

Twisted Panda

apt_group Information theft and espionage 🇨🇳 CN

PhantomCore

apt_group 🇷🇺 RU

SNOWGLOBE

apt_group Information theft and espionage 🇫🇷 FR

Returned Libra

apt_group 🇨🇳 CN

TEMP.Hermit

apt_group Information theft and espionage 🇰🇵 KP

APT-C-27

apt_group Information theft and espionage 🇸🇾 SY

Head Mare

apt_group 🇺🇦 UA

GOBLIN PANDA

apt_group Information theft and espionage 🇨🇳 CN

Rocke

apt_group 🇨🇳 CN

APT 6

apt_group Information theft and espionage 🇨🇳 CN

Librarian Ghouls

apt_group 🇷🇺 RU

GOFFEE

apt_group 🇷🇺 RU

UNC215

apt_group Information theft and espionage 🇨🇳 CN

PKPLUG

apt_group Information theft and espionage 🇨🇳 CN

TA406

apt_group Information theft and espionage 🇰🇵 KP

Water Saci

apt_group 🇧🇷 BR

UNG0901

apt_group 🇺🇦 UA

Red October

apt_group 🇷🇺 RU

Dizzy Panda

apt_group Information theft and espionage 🇨🇳 CN

ToddyCat

apt_group Information theft and espionage 🇨🇳 CN

Test Panda

apt_group 🇨🇳 CN

Circles

apt_group Global

Operation Red Signature

apt_group Information theft and espionage 🇨🇳 CN

Shadow Network

apt_group Information theft and espionage 🇨🇳 CN

Mana Team

apt_group 🇨🇳 CN

Iron Group

apt_group Information theft and espionage 🇨🇳 CN

BRONZE SPRING

apt_group Information theft and espionage 🇨🇳 CN

Poisonous Panda

apt_group Information theft and espionage 🇨🇳 CN

Sima

apt_group Information theft and espionage 🇮🇷 IR

Stolen Pencil

apt_group Information theft and espionage 🇰🇷 KR

Operation Shadow Force

apt_group 🇨🇳 CN

SharpPanda

apt_group Information theft and espionage 🇨🇳 CN

Big Panda

apt_group 🇨🇳 CN

APT 5

apt_group Information theft and espionage 🇨🇳 CN

Beijing Group

apt_group Information theft and espionage 🇨🇳 CN

Lurk

apt_group Financial crime 🇷🇺 RU

Triage Info

Decided atMar 05, 2026