Critical CVE in React Server Components Actively Exploited

ID: 2c6764e9-4d9b-574f-937e-d9bd8b49d456

STIX ID: report--2c6764e9-4d9b-574f-937e-d9bd8b49d456

Feed Name: Aqua Security Blog

Threat Score: 95/100

Date Published: 2025-12-09

Date Updated: 2026-04-26

A severe unauthenticated remote code execution vulnerability (CVE-2025-55182, "React2Shell") in React Server Components affects React 19.x and many Next.js integrations, enabling full server takeover via insecure deserialization. Rated CVSS 10.0 and rapidly weaponized, the flaw is being actively exploited by China-nexus actors, mass-scanning botnets, and opportunistic attackers; observed post-exploitation activity includes remote shells, cryptominers, credential harvesting, and persistence. Aqua recommends scanning, upgrading to patched versions, and applying runtime protections and CI/CD hardening to mitigate risk.
