A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability, also known as CVE-2025-55182, to breach 766 Next.js hosts and steal sensitive information.
The attackers use this vulnerability as the initial infection vector to gain unauthorized access to the hosts and harvest valuable credentials, including database credentials, SSH private keys, and Amazon Web Services (AWS) secrets.
According to Cisco Talos, the operation is attributed to a single threat cluster, reflecting the organization and sophistication of the attackers behind this campaign.
The stolen data also includes shell command history, Stripe API keys, and GitHub tokens, underscoring the severity of the breach and the potential for follow-on attacks using the harvested secrets.
The attack highlights the importance of keeping software and dependencies up to date, as well as implementing robust security measures to prevent such breaches.
As the threat landscape continues to evolve, organizations must stay vigilant and proactive in protecting their systems and sensitive information from exploits of this kind.
Source: Original Article
