Hackers are exploiting a vulnerability known as React2Shell (CVE-2025-55182) in Next.js applications to conduct large-scale automated credential theft campaigns. The vulnerability affects Next.js apps that fail to properly validate user input in server-side rendering contexts.
According to BleepingComputer, the campaign uses automated exploitation of vulnerable Next.js applications to steal user credentials. The available reporting did not specify the scope or severity of CVE-2025-55182.