It didn’t take long: CVE-2025-55182 is now under active exploitation
WHITE AlienVault 2025-12-11 Modified: 2026-01-10
A critical vulnerability (CVE-2025-55182) affecting React Server Components has been actively exploited since its disclosure on December 4, 2025. The flaw, dubbed React4Shell, allows attackers to execute commands and manipulate files on vulnerable web applications. Kaspersky honeypots detected a surge in exploitation attempts, with attackers deploying various malware, including crypto miners and the RondoDox botnet. The vulnerability affects multiple React-related packages and bundles. Threat actors are leveraging this exploit to steal credentials, compromise cloud infrastructures, and potentially launch supply chain attacks. Immediate patching and implementation of security measures are strongly recommended to mitigate risks associated with this high-severity vulnerability.
Malware families: Mirai, Gafgyt, RondoDox, XMRig
Indicators of Compromise (51)