**Maximum Severity React2Shell Flaw Exploited by North Korean Hackers in Malware Attacks**

The recent discovery of the maximum-severity vulnerability known as React2Shell has sent shockwaves throughout the cybersecurity community, and it appears that North Korean state-sponsored threat actors have joined the fray.

Just days after the React team published a security advisory detailing a pre-authentication bug in multiple versions of multiple packs affecting React Server Components (RSC), reports began emerging of China-linked groups using the flaw to target organizations in different verticals. But it seems that North Korean hackers have also been exploiting the vulnerability, albeit in a more sophisticated manner.

The React2Shell bug, tracked as CVE-2025-55182 and given a severity score of 10/10 (critical), affects versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The React team has since released updates to patch the vulnerability, urging everyone to apply the fix without delay and update their systems to versions 19.0.1, 19.1.2, and 19.2.1.

Researchers have warned that exploitation of the React2Shell flaw was imminent due to its maximum severity rating, and it appears that they were correct. Sysdig reported seeing a novel implant from a compromised Next.js application dubbed EtherRAT, which is "far more sophisticated" than other known attacks using the same vulnerability.

EtherRAT combines techniques from at least three documented campaigns, including leveraging Ethereum smart contracts for command-and-control (C2) resolution and deploying five independent Linux persistence mechanisms. It also downloads its own Node.js runtime from nodejs.org. This level of sophistication has not been previously observed in React2Shell exploitation.

Furthermore, the malware appears to share some similarities with Contagious Interview, an infamous North Korean hacking campaign that involves inviting high-value targets to fake job interviews, during which different infostealers are deployed.

The recent developments serve as a stark reminder of the importance of patching vulnerabilities in real-time and staying vigilant against emerging threats. With the cybersecurity landscape becoming increasingly complex, it's essential for organizations to stay up-to-date with the latest security advisories and updates to protect themselves from potential attacks.

**Take Action:**

* Apply the fix without delay and update your systems to versions 19.0.1, 19.1.2, and 19.2.1. * Stay informed about emerging threats and vulnerabilities in the React ecosystem. * Implement robust security measures, including regular backups, intrusion detection, and incident response plans.

**Stay Ahead of the Curve:**

* Follow TechRadar Pro for the latest news, opinion, features, and guidance on cybersecurity and IT trends. * Sign up for our newsletter to receive regular updates and insights from leading experts in the field. * Join the conversation on social media using #cybersecurity and #React2Shell to stay informed and share your thoughts with the community.