Chinese hackers have begun exploiting a critical remote code execution vulnerability in React2Shell, known as the React2Shell RCE flaw, just hours after its public disclosure. The bug carries a maximum severity rating of 10/10.
The React2Shell RCE flaw, a remote code execution vulnerability, was disclosed recently, prompting swift action from Chinese hackers who started exploiting it within hours. This 10/10 severity bug poses significant risks, allowing attackers to execute code remotely on affected systems.
Security researchers at TechRadar reported the rapid exploitation, highlighting the vulnerability's critical nature. No further details on the specific impacts or affected versions were immediately available in the initial coverage. The incident underscores the challenges in patching high-severity flaws before widespread abuse occurs.
As of the report's publication on December 8, 2025, at 13:45 UTC, organizations using React2Shell are urged to apply updates promptly to mitigate potential threats from these state-affiliated actors.