Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.

That's the assessment from Alon Schindel, VP of AI and Threat Research at Wiz, who says CVE-2025-55182 – the React server-side vulnerability dubbed "React2Shell" – is now being actively exploited at scale, with researchers tracking at least 15 distinct intrusion clusters in the wild over the past 24 hours alone.

According to Wiz's latest telemetry, roughly 50 percent of publicly exposed resources known to be vulnerable are still running unpatched code, giving attackers a comfortable head start.

The critical-severity fl

See Full Page