ADVERTISEMENT

Compromised Next.js devices weaponized by attackers: thousands remain vulnerable

Security researchers warn that hundreds of already compromised Next.js devices are hitting honeypots, while tens of thousands of servers remain vulnerable to the critical React vulnerability.

servers, vulnerability
Ernestas Naprys
Ernestas Naprys Senior Journalist
Dec 8, 2025 2 min read
ADVERTISEMENT

Like others we are seeing attacks attempting to exploit React CVE-2025-55182 at scale, incl. botnet related activity. How successful have these attacks been? You can get a view here, where we track compromised host with Next.js attacking our sensors: dashboard.shadowserver.org/statistics/h...

[image or embed]

undefined The Shadowserver Foundation (@shadowserver.bsky.social) December 8, 2025 at 1:31 PM
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

ADVERTISEMENT