A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability (CVE-2025-55182) as its initial infection vector to steal sensitive data.

The stolen data includes database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens, highlighting the severity of the breach.

According to Cisco Talos, the operation has successfully breached 766 Next.js hosts, emphasizing the need for immediate action to patch the vulnerability and prevent further exploitation.

React2Shell (CVE-2025-55182) is a critical flaw whose exploitation gives attackers unauthorized access to sensitive data, which is why it has become a prime target for threat actors.

Organizations running Next.js are advised to update their systems and apply the patches for CVE-2025-55182 without delay to prevent exploitation.

As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and proactive in addressing vulnerabilities, such as CVE-2025-55182, to prevent large-scale credential harvesting operations.
