React2Shell Vulnerability Exploited in Large-Scale Credential Harvesting Campaign
Cisco Talos researchers discovered a threat actor actively exploiting the critical React2Shell vulnerability (CVE-2025-55182) in Next.js applications to steal credentials, cloud tokens, SSH keys, and other secrets at scale.
Key Points
- CVE-2025-55182 (React2Shell) has a CVSS score of 10 and allows unauthenticated remote code execution
- Threat actor UAT-10608 uses automated scanning to find vulnerable Next.js applications
- Attackers harvest credentials, cloud tokens, SSH keys, and environment secrets
- The Nexus Listener framework is used for large-scale credential exfiltration
- An exposed Nexus Listener instance contained SSH keys, cloud credentials, Kubernetes tokens, and Docker variables
Full Details
Cisco Talos security researchers have identified a large-scale credential harvesting campaign exploiting the React2Shell vulnerability (CVE-2025-55182) in Next.js applications. Tracked as UAT-10608, the threat actor uses automated scanning to identify applications impacted by this critical vulnerability, which has a CVSS score of 10 and allows remote, unauthenticated attackers to execute arbitrary code. Following initial access, the attackers leverage automated scripts and the Nexus Listener framework to harvest credentials, cloud tokens, SSH keys, and environment secrets at scale. Researchers found SSH private keys, cloud credentials, Kubernetes service account tokens, Docker container variables, and shell command history files on an exposed Nexus Listener instance used by the threat actor. Organizations using Next.js applications are urged to patch immediately as this campaign demonstrates active exploitation in the wild.
Why It Matters
The active exploitation of this critical vulnerability in production environments underscores the urgency for organizations to patch Next.js applications immediately: attackers are targeting them for credential theft, and stolen SSH keys, cloud tokens, and Kubernetes service account tokens can be reused for further network and cloud compromise.