THREAT OPS › Threat News › React Server Components Exploitation Consolidates as Two IPs Generate Majority of Attack Traffic
React Server Components Exploitation Consolidates as Two IPs Generate Majority of Attack Traffic
Two months after CVE-2025-55182 was disclosed on December 3, 2025, exploitation activity targeting React Server Components has consolidated significantly.
Indicators of compromise
- CVE-2025-55182cve
Original source: https://www.greynoise.io/blog/react2shell-exploitation-consolidates