React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182

**Executive Summary:** The report documents CVE-2025-55182 (React2Shell), a critical RCE in React Server Components that is being actively exploited against Next.js and other RSC-enabled platforms; observed attacker activity includes credential harvesting, cloud metadata access, containerized cryptomining, Sliver-based persistent backdoors, fileless Node.js webshells and in-memory exfiltration, and the report provides PoC analysis, TTP descriptions and a long list of IOCs for detection and response.