React2Shell CVE-2025-55182: Mass Harvesting AI API Keys
A CVSS 10.0 vulnerability in React Server Components is being actively exploited to steal AI platform API keys, cloud credentials, and payment secrets from hundreds of Next.js deployments. Here’s how the attack works and what your team should do right now.