
React2Shell Vulnerability Actively Exploited, Putting Crypto Platforms at Severe Risk

A newly disclosed critical flaw in React Server Components, tracked as CVE-2025-55182 and known as React2Shell, is being aggressively exploited by multiple threat groups, putting thousands of websites, including major crypto platforms, in immediate danger. The vulnerability, disclosed by React’s maintainers on Dec. 3, carries the highest severity rating and allows attackers to execute code remotely on unpatched servers without any authentication, giving them near-total control.

The issue originates from how React handles and decodes requests sent to server-side components. By sending a specially crafted request, attackers can trick the server into executing arbitrary commands. Because React Server Components run backend logic, any compromise can lead to complete system takeover. The vulnerability affects React versions 19.0 through 19.2.0, including packages used widely by frameworks such as Next.js, meaning even applications that simply have the vulnerable packages installed may already be exposed.

Shortly after the flaw was announced, Google’s Threat Intelligence Group (GTIG) reported widespread, active exploitation. Threat actors ranging from financially motivated cybercriminals to nation-state hackers began deploying backdoors, malware, and crypto-mining software across cloud environments running React or Next.js. Some attackers quickly weaponized the vulnerability to install Monero mining scripts, silently draining server resources and degrading performance while generating profit.

For crypto platforms, the risk is even more alarming. These services rely heavily on modern JavaScript frameworks to manage wallet interactions, transaction flows, and signature prompts. A compromised front end allows attackers to inject malicious scripts capable of intercepting wallet data, manipulating transactions, or redirecting funds—potentially draining users’ assets even when the blockchain itself remains secure. Because users often trust the interface presented by their browser wallet, front-end security flaws like React2Shell present a significant and immediate threat.

With active exploitation underway, organizations using affected React versions are urged to patch immediately and audit their environments for signs of compromise.
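
One way to start that audit, as an added example that is not from TokenPost or the React project: a Node.js script that scans a package-lock.json for React Server Components packages whose version falls in the range stated above (19.0 through 19.2.0). The package names `react-server-dom-webpack`, `react-server-dom-parcel` and `react-server-dom-turbopack` and the sample lockfile are assumptions of this example; confirm the exact affected and fixed versions against the React advisory.

```javascript
// Added example. ASSUMPTION: these package names are supplied by this example, not by the article.
const RSC_PACKAGES = new Set([
  "react-server-dom-webpack", "react-server-dom-parcel", "react-server-dom-turbopack",
]);
// Range as stated in the article: "19.0 through 19.2.0", treated as inclusive.
const STATED_RANGE = { min: [19, 0, 0], max: [19, 2, 0] };

// Compare two [major, minor, patch] triples; returns -1, 0 or 1.
function compareTriples(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Pre-release tags are ignored, so "19.1.0-rc.1" is judged as 19.1.0 (conservative).
function inStatedRange(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return false;
  const v = [Number(m[1]), Number(m[2]), Number(m[3])];
  return compareTriples(v, STATED_RANGE.min) >= 0 && compareTriples(v, STATED_RANGE.max) <= 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json, nested copies included.
function auditLockfile(lockText) {
  const findings = [];
  const packages = JSON.parse(lockText).packages || {};
  for (const [installPath, meta] of Object.entries(packages)) {
    const idx = installPath.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project entry
    const name = installPath.slice(idx + "node_modules/".length);
    if (RSC_PACKAGES.has(name) && inStatedRange(meta.version)) {
      findings.push({ name, version: meta.version, installPath });
    }
  }
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react-server-dom-webpack": { version: "19.1.1" },
    "node_modules/some-plugin/node_modules/react-server-dom-parcel": { version: "19.2.0" },
    "node_modules/react-server-dom-turbopack": { version: "19.2.1" }, // outside the stated range
  },
});
console.log(auditLockfile(SAMPLE_LOCK));
```

A clean result covers only the copies recorded in the lockfile; a framework that ships its own bundled copy of these packages has to be checked against that framework's advisory.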

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
