The Protocol: Bug that can drain all your tokens impacting 'thousands' of sites
Summary
A critical vulnerability in React Server Components, tracked as CVE-2025-55182 and nicknamed React2Shell, is being actively exploited, potentially allowing attackers to drain all user tokens from thousands of affected websites, including crypto platforms. The flaw permits unauthenticated remote code execution by tricking servers running vulnerable React versions (19.0 through 19.2.0) and related frameworks like Next.js into running arbitrary commands. The article also covers Ripple expanding its RLUSD stablecoin to Ethereum L2s via Wormhole, an ongoing debate within the Aave DAO regarding interface fees shifting away from the treasury, and the NFT project Pudgy Penguins securing a high-profile ad placement at the Las Vegas Sphere.
(Source: CoinDesk)