todayonchain.com

Crypto news: This new React bug can drain your wallets if not caught

CoinDesk
A critical, actively exploited React Server Components vulnerability (CVE-2025-55182/React2Shell) risks draining user crypto assets.

Summary

A critical vulnerability in React Server Components, tracked as CVE-2025-55182 and nicknamed React2Shell, is being actively exploited, potentially affecting thousands of websites, including crypto platforms. The flaw allows unauthenticated remote code execution on affected servers running React versions 19.0 through 19.2.0 and related frameworks like Next.js. Attackers are using the bug to deploy malware, backdoors, and crypto-mining software that consumes server resources. For crypto platforms the danger is heightened: a compromised front end can inject malicious scripts that intercept wallet interactions or redirect transactions, so user assets are at risk when users sign transactions via browser wallets, even if the underlying blockchain remains secure.

(Source: CoinDesk)