Active exploitation notice: React2Shell critical vulnerability (CVE-2025-55182)

Expel Intel warns of a critical, actively exploited vulnerability (CVE-2025-55182) impacting React Server and Next.js that enables remote code execution; proof-of-concepts were publicly used within days of disclosure and an estimated 60,000 servers were exposed. The report urges immediate patching, scanning for vulnerable apps (on-prem and cloud), and hunting ingress logs for specific request headers and serialized payload patterns (e.g., next-action, Rsc-action-id, "$@", "status":"resolved_model", and function constructors) to detect exploitation attempts.