This new React bug can drain your wallets if not caught

تكنلوجيا اليوم 2025-12-16 05:25:00 A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users possibly seeing all their assets drained, if impacted.The flaw, tracked as CVE-2025-55182 and nicknamed React2Shell, allows attackers to execute code remotely on affected servers without authentication. React’s maintainers disclosed the issue on Dec. 3 and assigned it the highest possible severity score.Shortly after disclosure, GTIG observed widespread exploitation by both financially motivated criminals and suspected state-backed hacking groups, targeting unpatched React and Next.js applications across cloud environments.Loading...What the vulnerability doesReact Server Components are used to run parts of a web application directly on a server instead of in a user’s browser. The vulnerability stems from how React decodes incoming requests to these server-side functions.In simple terms, attackers can send a specially crafted web request that tricks the server into running arbitrary commands, or effectively handing over control of the system to the attacker.The bug affects React versions 19.0 through 19.2.0, including packages used by popular frameworks such as Next.js. Merely having the vulnerable packages installed is often enough to allow exploitation.How attackers are using itThe Google Threat Intelligence Group (GTIG) documented multiple active campaigns using the flaw to deploy malware, backdoors and crypto-mining software.Some attackers began exploiting the flaw within days of disclosure to install Monero mining software. These attacks quietly consume server resources and electricity, generating profits for attackers while degrading system performance for victims.Crypto platforms rely heavily on modern JavaScript frameworks such as React and Next.js, often handling wallet interactions, transaction signing and permit approvals through front-end code.If a website is compromised, attackers can inject malicious scripts that intercept wallet interactions or redirect transactions to their own wallets— even if the underlying blockchain protocol remains secure.That makes front-end vulnerabilities particularly dangerous for users who sign transactions through browser wallets.self.__next_f.push([1,"33:[\"$\",\"$L2c\",null,{\"children\":[\"$\",\"script\",null,{\"id\":\"schema\",\"type\":\"application/ld+json\",\"data-ot-ignore\":true,\"dangerouslySetInnerHTML\":{\"__html\":\"$5c\"}}]}]\n34:[\"$\",\"$e\",null,{\"fallback\":null,\"children\":[\"$\",\"$L5d\",null,{\"state\":{\"remaining\":2,\"limit\":3,\"allowed\":false,\"public\":true,\"metered\":false,\"authorized\":false,\"premium\":false,\"type\":\"disabled\",\"pathname\":\"/tech/2025/12/16/new-react-bug-that-can-drain-all-your-tokens-is-impacting-thousands-of-websites\"}}]}]\n35:[\"$\",\"$L2c\",null,{\"children\":[\"$\",\"$L5e\",null,{\"vars\":{\"tags\":null,\"post_id\":\"ee4b6935-4ee1-4c14-b97e-b08ed9cd3be3\",\"primary_section\":\"tech\",\"secondary_section\":null,\"regwall_state\":\"disabled\",\"reg_plan\":\"\"}}]}]\n39:[[\"$\",\"$L37\",null,{\"data-ot-ignore\":true,\"id\":\"gpt-init\",\"children\":\" window.googletag = window.googletag || { cmd: [] };\"}],[\"$\",\"$L37\",null,{\"id\":\"gpt-script\",\"src\":\"https://securepubads.g.doubleclick.net/tag/js/gpt.js\",\"data-ot-ignore\":true}]]\n3a:[\"$\",\"$L37\",null,{\"id\":\"google-recaptcha-v3\",\"src\":\"https://www.google.com/recaptcha/api.js?render=6LdD_vElAAAAAC4MH8sVjuaAFGSN1fmOs8QJv8jW\",\"data-ot-ignore\":true,\"defer\":true,\"async\":true}]\n3b:[\"$\",\"$L5f\",null,{}]\n3c:[\"$\",\"script\",null,{\"type\":\"text/javascript\",\"id\":\"hs-script-loader\",\"async\":true,\"defer\":true,\"src\":\"//js-eu1.hs-scripts.com/27197889.js?businessUnitId=17686039\"}]\n3d:[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://www.google-analytics.com\"}]\n3e:[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://cdn.sanity.io\"}]\n3f:[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://connect.facebook.net\"}]\n40:[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://cdn.jwplayer.com\"}]\n41:[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://cloudfront-us-east-1.images.arcpublishing.com\"}]\n42:[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://downloads.coindesk.com\"}]\n43:[\"$\",\"link\",null,{\"rel\":\"icon\",\"sizes\":\"any\",\"href\":\"/favicons/production/favicon.ico\"}]\n44:[\"$\",\"link\",null,{\"rel\":\"icon\",\"type\":\"image/svg+xml\",\"href\":\"/favicons/production/favicon.svg\"}]\n45:[\"$\",\"link\",null,{\"rel\":\"i"])

This new React bug can drain your wallets if not caught

What the vulnerability does

How attackers are using it

admin

Blockchain Browser Courageous Information Adtech Complaints Towards Google

Huawei Mate X6 overview

Xiaomi Redmi Notice 14 professional+ hands-on overview

The Pulse Professional is the primary HMD cellphone to obtain Android 15

New report corroborates rumors of seamless updates assist for Samsung Galaxy S25 Extremely

Apple Intelligence vs Google Gemini vs Galaxy AI: what are the variations?

What the vulnerability does

How attackers are using it

admin

Subscribe to our mailing list to get the new updates!

ARK steps in as crypto stocks extend multi-day selloff

Chart Art: GBP/USD to Extend Its Short-Term Uptrend?

Related Articles

BTC–Gold Ratio Slides As Gold Dominates 2025

FDIC Proposes Framework for Bank-Issued Payment Stablecoins

Why BitMine Is Accumulating Ether as ETFs See Outflows

U.S. Senate’s Warren asks for Trump-tied crypto probe as market structure bill drags