A large-scale credential harvesting operation has been observed in which attackers exploit the React2Shell vulnerability, tracked as CVE-2025-55182, to gain initial access to systems.
The vulnerability is being used to steal sensitive information, including database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys and GitHub tokens.
According to Cisco Talos, the operation has already compromised 766 Next.js hosts, which underlines the severity of the issue and the need to patch without delay.
Exploitation of CVE-2025-55182 has consequences well beyond the initial intrusion: the harvested credentials open the way to lateral movement and further attacks against connected services.
Organizations are advised to patch the vulnerability immediately and harden their systems, as the threat cluster behind the operation continues to evolve and expand its reach.
Prioritizing patch management and robust security controls reduces the risk of falling victim to this credential harvesting operation and of sensitive information being accessed without authorization.
