Security lapse lets researchers view React2Shell hackers’ dashboard
Summary
A threat group called UAT-10608 is exploiting React2Shell (CVE-2025-55182), a pre-authentication remote code execution vulnerability in Next.js applications that was patched four months ago, to steal credentials and tokens from unpatched servers at scale. Researchers discovered the attackers' exposed web dashboard, which showed that the group had compromised 766 hosts in 24 hours and stolen credentials for major services such as AWS, Azure, OpenAI, GitHub, and others. The vulnerability lets an unauthenticated attacker send a malicious payload to a server endpoint and trigger arbitrary code execution, which the group uses to deploy credential-harvesting tools.
Solution / Mitigation
A fix was issued four months ago. The source also states that 'victims and service providers with exposed and at-risk credentials, including AWS and GitHub, are being notified,' and that IT professionals should 'act quickly' to patch React servers in their environment before credentials are stolen.
Original source: https://www.csoonline.com/article/4154188/security-lapse-lets-researchers-see-react2shell-hackers-dashboard.html
First tracked: April 3, 2026 at 08:00 PM