jbz

⚠️ Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

「 The campaign is assessed to be targeting Next.js applications that are vulnerable to CVE-2025-55182 (CVSS score: 10.0), a critical flaw in React Server Components and Next.js App Router that could result in remote code execution, for initial access, and then dropping the NEXUS Listener collection framework 」

https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html

#nextjs #infosec #react2shell #CVE202555182

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

766 hosts breached via CVE-2025-55182 in Next.js apps, enabling mass credential theft and targeted follow-on attacks.

The Hacker News
Apr 3 at 9:18pmWeb