React2Shell CVE-2025-55182 Update Patch-Again, New Chinese Threat Actors Exploits for react and Next

React2Shell (CVE-2025-55182) is a pre-auth, single-request RCE impacting React Server Components and widely reachable Next.js deployments. Since December 3, exploitation has been observed in the wild at scale, with heavy probing and fast-moving follow-on vulnerabilities that forced teams to patch again.

Check full details: https://phoenix.security/react2shell-...

In this video, Francesco Cipollone (CEO & Co-Founder, Phoenix Security) breaks down:
• Why React2Shell is operationally “weird”: massive probing, uneven exploitation
• The real attack workflow: discovery, validation, execution, post-exploitation, and exfiltration paths
• The “patch-again” reality with follow-up CVEs: CVE-2025-55184, CVE-2025-67779, CVE-2025-55183
• What threat actors are doing (including China-nexus activity tracked by major intelligence reporting)
• How to validate exposure safely using our open-source scanner and lab, and how Phoenix Security correlates external attack surface, code scanning, and ownership attribution

Important: Any demonstration shown is for controlled lab environments only. Do not test against systems you do not own or explicitly control.

Timestamps (chapters)
00:00 Intro: Francesco Cipollone, Phoenix Security
00:10 Why React2Shell is “weird” in real-world telemetry
00:21 Widespread reach: React Server Components and Next.js exposure
01:00 What’s new: follow-on CVEs, attack evolution, exfiltration paths
01:47 Affected components: React server-dom packages and Next.js
01:58 Follow-up vulnerabilities: CVE-2025-55184, CVE-2025-67779, CVE-2025-55183
02:43 Triage: how to know if you’re affected (prioritize web-facing)
03:14 Why this is severe: RCE parallels and attacker leverage
04:06 Post-exploitation: commands, secrets, lateral movement, cloud pivots
05:25 What’s vulnerable: webpack/parcel/turbopack and Next.js pathways
05:39 Follow-on CVEs: DoS and exposure risks, and why chaining still matters
06:10 Phoenix tooling: lab, scanners, and campaign-based tracking
06:49 Threat intel snapshot: actor activity, PoC release, detection spikes
07:31 Timeline recap: disclosure, PoC churn, and exposure counts
08:15 Phoenix Security view: correlate exposure, runtime, packages, ownership
09:41 CVE-2025-55182 Exploit Lab walkthrough: IOCs, payload folders, and lab structure
10:41 CVE-2025-55182 Exploit Lab up: vulnerable vs patched instances
10:55 Safe validation: scanner evidence collection against both instances
11:14 CVE-2025-55182 Exploit Lab-only impact verification and expected outcomes
12:09 What to prioritize first: public systems, low-friction exploitation
13:32 Fix strategy: upgrades, pinning versions, regression testing
14:12 Closing: scan, validate, track drift, stay safe

Resources referenced:
• React2Shell resources hub: https://phoenix.security/react2shell-...
• Deep technical anatomy: https://phoenix.security/react-nextjs...
• Exploitation timeline and updates: https://phoenix.security/react2shell-...
• Repo scanner + lab: https://github.com/Security-Phoenix-d...
• Web scanner: https://github.com/Security-Phoenix-d...
• IOC bundle: https://github.com/Security-Phoenix-d...

If you’re running Next.js with React Server Components, prioritize internet-facing workloads, validate production versions (not just CI), and treat exposed RSC paths as incident-grade until proven patched.

#React2Shell #CVE202555182 #Nextjs #ReactServerComponents #ASPM #VulnerabilityManagement #DevSecOps #ApplicationSecurity