A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability, also known as CVE-2025-55182, as an initial infection vector to steal sensitive information.

The threat actors behind this operation have managed to breach 766 Next.js hosts, resulting in the theft of database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens.

Cisco Talos has attributed the operation to a threat cluster it tracks, highlighting the severity of the situation and the need for immediate action to prevent further breaches.

React2Shell (CVE-2025-55182) is rated critical because it lets an unauthenticated attacker reach data the server should never expose, which is why it has become a prime target for malicious actors.

According to reports, the attackers are using the stolen credentials to gain further access to sensitive systems and data, emphasizing the importance of prompt patching and robust security measures to prevent such incidents.

Organizations using Next.js hosts are advised to take immediate action to patch the vulnerability and protect their sensitive information from falling into the wrong hands.
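The article lists the credential types taken from the 766 hosts (database credentials, SSH private keys, AWS secrets, shell history, Stripe API keys, GitHub tokens) and tells affected teams to protect that material. A responder's first job after a suspected React2Shell compromise is to inventory exactly which secrets the web host held so every one of them can be rotated. The script below is an added example for that step; it is not code from the article or from Cisco Talos. It scans a dictionary of file contents (constructed samples with fake values stand in for files read from the host) for the six credential types named in the article, redacts what it finds, and groups the findings into a rotation plan. Pattern prefixes such as `AKIA`, `sk_live_` and `ghp_` are the public formats of those credentials; the shell-history heuristic is a simple keyword check and is an assumption of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample contents standing in for files on a Next.js host.
# Every value here is fake and exists only to exercise the scanner.
SAMPLE_FILES = {
    ".env": (
        "DATABASE_URL=postgres://app:hunter2@db.internal:5432/prod\n"
        "STRIPE_SECRET_KEY=sk_live_ABCDEFGHIJKLMNOPQRSTUVWX\n"
    ),
    ".ssh/id_ed25519": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ==\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    ".aws/credentials": (
        "[default]\n"
        "aws_access_key_id = AKIAEXAMPLEEXAMPLE01\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    ".bash_history": (
        "export GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n"
        "mysql -u root -pSuperSecret\n"
        "git push\n"
    ),
    "README.md": "Nothing secret here.\n",
}

# One regex per credential type named in the article. Prefixes are the
# documented public formats; lengths are the commonly seen ones.
PATTERNS = [
    ("database_url", re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?)://[^:/\s]+:[^@\s]+@")),
    ("ssh_private_key", re.compile(
        r"-----BEGIN (?:OPENSSH|RSA|EC|DSA) PRIVATE KEY-----")),
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("stripe_secret_key", re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b")),
    ("github_token", re.compile(r"\bghp_[0-9A-Za-z]{36}\b")),
]

# Heuristic (an assumption of this example): a history line that assigns a
# token/secret/password or passes a -p<value> flag has exposed a credential.
HISTORY_SECRET = re.compile(r"(?i)(?:token|secret|password)\S*=\S|\s-p\S+")

# What has to happen for each credential type once it is presumed stolen.
ROTATION = {
    "database_url": "change the database password and terminate sessions using the old one",
    "ssh_private_key": "remove the public key from every authorized_keys/deploy key; issue a new pair",
    "aws_access_key_id": "deactivate the IAM access key and review CloudTrail for its use",
    "stripe_secret_key": "roll the Stripe secret key in the dashboard",
    "github_token": "revoke the token in GitHub settings and audit its recent API activity",
    "shell_history_secret": "treat everything typed in this history as exposed; rotate it and clear the file",
}


@dataclass(frozen=True)
class Finding:
    file: str
    kind: str
    line: int
    preview: str  # redacted: only the first few characters of the match


def scan_text(name: str, text: str) -> list[Finding]:
    """Return one Finding per credential-like match in a single file."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for m in pattern.finditer(line):
                findings.append(Finding(name, kind, line_no, m.group(0)[:6] + "..."))
        # Shell history is only scanned with the looser heuristic.
        if name.endswith("_history") and HISTORY_SECRET.search(line):
            findings.append(Finding(name, "shell_history_secret", line_no, line[:12] + "..."))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan every (path, contents) pair; order of findings follows input order."""
    out: list[Finding] = []
    for name, text in files.items():
        out.extend(scan_text(name, text))
    return out


def rotation_plan(findings: list[Finding]) -> dict[str, dict]:
    """Group findings by credential type with the rotation action for each."""
    plan: dict[str, dict] = {}
    for f in findings:
        entry = plan.setdefault(f.kind, {"action": ROTATION[f.kind], "files": []})
        if f.file not in entry["files"]:
            entry["files"].append(f.file)
    return plan


if __name__ == "__main__":
    found = scan_files(SAMPLE_FILES)
    for f in found:
        print(f"{f.file}:{f.line} {f.kind} ({f.preview})")
    for kind, entry in rotation_plan(found).items():
        print(f"[{kind}] {entry['action']} -> {', '.join(entry['files'])}")
```

On a real host the `SAMPLE_FILES` dictionary would be replaced by reading the application directory, the service account's home and any mounted secret stores; the scanner never prints a full secret, so its output can be pasted into the incident ticket.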
