A vulnerability in React server components is already being exploited by attackers and could lead to the compromise of user assets

Critical bug in React puts sites with crypto wallets at risk

16.12.2025 - 09:10

Key points:

  • The discovered vulnerability, CVE-2025-55182, allows commands to be executed on the server without user authentication.
  • Websites running React versions 19.0–19.2.0 are vulnerable, including projects with crypto wallets and transactions.

A dangerous bug has been discovered in the popular JavaScript framework React that allows attackers to take control of the server side of web applications. According to experts, the problem is already being exploited in real attacks and affects thousands of websites around the world.

The situation is particularly alarming for cryptocurrency services. These platforms very commonly use React and related tools for wallet interfaces, transaction confirmation and transaction management.

What exactly went wrong

The vulnerability stems from an error in the mechanism that processes and decodes incoming requests to React Server Components.

An attacker can send a specially crafted request that forces the server to execute arbitrary commands. This effectively gives the attacker control over the system on which the application is deployed, even without valid credentials.

The problem affects React versions 19.0 through 19.2.0, as well as projects built on Next.js. In many cases, merely running a vulnerable version of the library is enough to be exposed to attack.
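As an added example (not part of the article, and not code from the React or Next.js projects), the following Node.js script scans a `package-lock.json` for React packages whose installed version falls in the range the article gives, 19.0 through 19.2.0. The lockfile contents are constructed for illustration. Matching on the `react` name prefix is this example's assumption, since the article names React itself rather than the individual packages that carry the server-component code; Next.js is only reported as present, because the article gives no Next.js version range.

```javascript
// Added example (not from the article): flag installed React packages whose
// version lies in the affected range stated in the article (19.0 - 19.2.0).
// The lockfile below is constructed for illustration only.
const sampleLock = JSON.stringify({
  name: "wallet-frontend",
  lockfileVersion: 3,
  packages: {
    "": { name: "wallet-frontend", dependencies: { react: "^19.0.0", next: "*" } },
    "node_modules/react": { version: "19.1.0" },
    "node_modules/react-dom": { version: "19.1.0" },
    "node_modules/react-server-dom-webpack": { version: "19.1.0" },
    "node_modules/next": { version: "15.0.0" },
    "node_modules/lodash": { version: "4.17.21" },
  },
});

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Affected range from the article: 19.0.0 up to and including 19.2.0.
const AFFECTED_MIN = [19, 0, 0];
const AFFECTED_MAX = [19, 2, 0];

function isAffectedVersion(version) {
  const v = parseVersion(version);
  if (!v) return false;
  return compareVersions(v, AFFECTED_MIN) >= 0 && compareVersions(v, AFFECTED_MAX) <= 0;
}

// Package name is the path segment after the last "node_modules/", so nested
// and scoped installs ("node_modules/a/node_modules/@s/b") resolve correctly.
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx < 0 ? null : lockPath.slice(idx + marker.length);
}

// Every installed package named react* with a version in the affected range.
// The react* prefix is an assumption of this example, not a statement from the article.
function findAffectedReactPackages(lockJson) {
  const lock = JSON.parse(lockJson);
  const hits = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(lockPath);
    if (!name || !name.startsWith("react")) continue;
    if (entry.version && isAffectedVersion(entry.version)) {
      hits.push({ name, version: entry.version });
    }
  }
  return hits;
}

// Report the installed Next.js version (or null); the article names Next.js
// projects as affected but gives no version range, so no range check is done.
function installedNextVersion(lockJson) {
  const lock = JSON.parse(lockJson);
  const entry = (lock.packages || {})["node_modules/next"];
  return entry && entry.version ? entry.version : null;
}

const hits = findAffectedReactPackages(sampleLock);
for (const h of hits) console.log(`AFFECTED ${h.name}@${h.version}`);
if (hits.length === 0) console.log("no React packages in the affected range");
const next = installedNextVersion(sampleLock);
if (next) console.log(`Next.js ${next} present: review its advisory separately`);
```

Run it against a real lockfile by replacing `sampleLock` with the file's contents; in the constructed sample it flags `react`, `react-dom` and `react-server-dom-webpack` at 19.1.0.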

How this threatens crypto platforms

Researchers at Google Threat Intelligence Group have reported several active campaigns in which this bug is being used to install malware.

Some incidents are related to illegal Monero mining, where server computing power is used without the knowledge of website owners. This leads to a drop in performance and increased infrastructure costs.

For crypto services, the consequences can be much more serious. After compromising a website, attackers can inject malicious code into user interfaces. Such code can spoof recipient addresses, change transaction parameters, or intercept actions before they are confirmed.

Even if the blockchain is working perfectly, users can lose assets if they interact with an infected front end.
