Dec 09, 2025 • Ioan Alexandru MELNICIUC
CVE-2025-55182 Exploitation Hits the Smart Home
Executive Summary
Active exploitation of CVE-2025-55182, informally known as React2Shell, is targeting Node.js applications within smart home environments. This vulnerability allows attackers to manipulate internal JavaScript object structures via user-supplied JSON data, leading to remote command execution (RCE). Security sensors have detected large volumes of exploitation attempts shortly after public disclosure, indicating rapid weaponization. The exploit leverages process.mainModule.require and child_process.execSync to execute arbitrary commands. While no specific threat actors or malware families are currently attributed, the severity is critical due to the RCE capability. Organizations utilizing Node.js in IoT or smart home contexts should immediately audit applications for improper JSON validation. Mitigation involves strict input validation and patching affected libraries to prevent object structure manipulation. Continuous monitoring for suspicious process execution is recommended to detect potential compromise attempts stemming from this vulnerability.
Summary
Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When that data is improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.
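As an added example, not code from this advisory or from any affected project, the following JavaScript screens user-supplied JSON the way the mitigation guidance above describes: strict validation against an expected shape, plus detection of the marker strings the advisory names (process.mainModule.require, child_process, execSync) so that attempts can be logged. The FORBIDDEN_KEYS list and the device schema are assumptions, since the advisory does not detail how object structures are manipulated.

```javascript
// Added example, not code from the advisory. Screens user-supplied JSON before it
// reaches application logic: strict shape validation plus detection of the exploit
// markers the advisory cites. FORBIDDEN_KEYS is an assumption; the advisory does not
// say how object structures are manipulated, so keys reaching object internals are rejected.
const EXPLOIT_MARKERS = ['process.mainModule.require', 'child_process', 'execSync'];
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
// Record every forbidden key anywhere in the parsed value together with its JSON path.
function findForbiddenKeys(value, path, findings) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findForbiddenKeys(item, `${path}[${i}]`, findings));
  } else if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      if (FORBIDDEN_KEYS.has(key)) findings.push(`forbidden key '${key}' at ${path}`);
      findForbiddenKeys(value[key], `${path}.${key}`, findings);
    }
  }
}
// schema maps each allowed top-level key to the typeof its value must have.
// Returns { ok, findings }; a non-empty findings list is what monitoring should log.
function screenPayload(rawBody, schema) {
  const findings = [];
  // Scan the raw text first so markers are caught even when the JSON is malformed.
  for (const marker of EXPLOIT_MARKERS) {
    if (rawBody.includes(marker)) findings.push(`exploit marker '${marker}' in body`);
  }
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch (err) {
    findings.push('body is not valid JSON');
    return { ok: false, findings };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    findings.push('top-level value must be a JSON object');
    return { ok: false, findings };
  }
  for (const key of Object.keys(parsed)) {
    if (!hasOwn(schema, key)) findings.push(`unexpected key '${key}'`);
    else if (typeof parsed[key] !== schema[key]) findings.push(`key '${key}' must be ${schema[key]}`);
  }
  findForbiddenKeys(parsed, '$', findings);
  return { ok: findings.length === 0, findings };
}
// Constructed samples: a legitimate smart-home command and a hostile body carrying a
// forbidden key plus the advisory's marker strings (no working payload).
const DEVICE_SCHEMA = { device: 'string', target: 'number' };
const GOOD_BODY = '{"device":"thermostat","target":21}';
const BAD_BODY = '{"device":"thermostat","target":21,"__proto__":{"x":1},"note":"process.mainModule.require child_process.execSync"}';
console.log(screenPayload(GOOD_BODY, DEVICE_SCHEMA)); // { ok: true, findings: [] }
console.log(screenPayload(BAD_BODY, DEVICE_SCHEMA).findings.length); // 6
```

Wire screenPayload in front of any handler that accepts JSON from the network, and forward the findings list to the same monitoring pipeline that watches for unexpected process execution.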
Linked Entities
- CVE-2025-55182