React2Shell: CVE-2025-55182 in Next.js Compromises 766 Servers and Automatically Harvests Credentials and Secrets
CVE-2025-55182 (CVSS 10.0) affects React Server Components and Next.js App Router. The UAT-10608 group (Cisco Talos) exploits the flaw to automatically harvest database credentials, SSH keys, AWS secrets, GitHub tokens, and Stripe keys from 766 confirmed hosts.