THREAT OPS › Threat News › Multiple Threat Actors Rapidly Exploit React2Shell: A Case Study of Active Compromise
Multiple Threat Actors Rapidly Exploit React2Shell: A Case Study of Active Compromise
<p>On December 3, 2025 (local time), a vulnerability allowing unauthenticated remote code execution in React Server Components (RSC) (<a href="https://www.jpcert.or.jp/newsflash/2025120501.html" target="_blank">CVE-2025-55182</a>) was disclosed. JPCERT/CC has received multiple incident reports related to this attack. Among them, there was a case in which this vulnerability was exploited by multipl
MITRE ATT&CK techniques
Indicators of compromise
- 5bae25736a09de5f4a0f9761d2b7bfa81ca8dba39de2a724473c9d021a65daa9sha256
- ba43e447e63611d365300bf2e8e43ccb02ea112778d0d555ef9a9ccf6169808bsha256
- ac3e12fa0aa4d6e4eed322e81ecf708a8c9bea29247ae6b26cc39d3b3a6c2fb8sha256
- a536d755313ce550a510137211eca6171f636fb316026e9df8523c496c8fcd12sha256
- 0c748b9e8bc6b5b4fe989df67655f3301d28ef81617b9cbe8e0f6a19d4f9b657sha256
- 1a1edbea47162b1aa844252fcd4fb97f2a67faec1993e7819efc6a04b7c15552sha256
- 0d07a974993221305ca7af139b73d9de1dcd992f553215e4f041e830a2d82729sha256
- 5baa52387daedea5e3e00adf96ecacb4a2cdc98100664f29ac86e8e4a423baafsha256
- c1a9cfc62626118bd9f54e401fd52ecd2d766a5e8a69dbc7db909ea5c987fcc0sha256
- 4a74676bd00250d9b905b95c75c067369e3911cdf3141f947de517f58fc9f85csha256
- cb5f62bf7b591e69bd38e6bf8e40e8d307d154b2935703422d44f02e403d2e78sha256
- CVE-2025-55182cve
- https://www.jpcert.or.jp/newsflash/2025120501.htmlurl
- https://sect.iij.ad.jp/blog/2025/11/unc5174-windows-snowlight-in-2025/url
- 45.143.131.123ipv4
- 154.89.152.240ipv4