Key Findings React2Shell vulnerability (CVE-2025-55182) in React version 19 and React Server Components (RSC) is being heavily exploited by threat actors Exploitation attempts have been observed targeting a wide range of sectors, particularly construction and entertainment industries Attackers are leveraging the vulnerability to deliver cryptocurrency miners and a variety of previously undocumented malware, including: PeerBlight Linux backdoor CowTunnel reverse proxy tunnel Z
