A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
The key themes that defined the year behind us will also shape the one ahead. The most-read articles of 2025 tracked a return ...
RondoDox botnet exploits the React2Shell vulnerability in Next.js, with over 90,000 exposed systems used to deploy miners and ...
Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...
This template is built with Next.js and is free for you to use or modify as you see fit. If you'd like to try this application without modification, you can deploy an instance in just a few clicks ...