Over 644,000 Domains Exposed to Critical React Server Components Vulnerability

The Shadowserver Foundation has released alarming new data regarding the exposure of web applications to CVE-2025-55182, a critical vulnerability affecting React Server Components.

Following significant improvements to their scanning methodologies, researchers have identified a massive attack surface comprising over 165,000 unique IP addresses and more than 644,000 domains hosting vulnerable code as of December 8, 2025.

This surge in identified instances suggests that previous estimates of the vulnerability’s reach were significantly understated. The improved targeting capabilities deployed by Shadowserver have enabled deeper inspection of web infrastructure, revealing that hundreds of thousands of websites are currently susceptible to exploitation.

CVE-2025-55182 affects the architecture of React Server Components and, if left unpatched, could allow attackers to bypass security controls or execute unauthorized code on the server side.

Widespread Exposure Detected

The sheer volume of affected domains highlights the pervasive nature of React in modern web development. Because React Server Components are often integral to the rendering pipeline of high-performance web applications, a vulnerability at this layer poses severe risks to data integrity and server security.

The data indicates that the issue is not isolated to a specific region or sector but affects a broad spectrum of the internet, from small business sites to enterprise-grade platforms.

Security experts are urging administrators to prioritize this patch immediately. The discovery that over half a million domains are exposed creates a lucrative target environment for threat actors, who often automate attacks once a Proof of Concept (PoC) becomes available or scanning techniques are refined.

The updated statistics from Shadowserver are a critical warning that the remediation window is closing rapidly.

Organizations utilizing React Server Components in their technology stack must verify their current versions against vendor advisories immediately.

The Shadowserver Foundation has provided a public dashboard to track the statistics of these vulnerable instances, encouraging transparency and rapid response within the cybersecurity community.

Administrators should check their logs for signs of compromise, as the vulnerability may have been present for some time before these enhanced scans detected the full scope of exposure.

| CVE ID | CVSS Score | Affected Component | Impact | Vulnerable IPs |
| --- | --- | --- | --- | --- |
| CVE-2025-55182 | 9.8 (Critical) | React Server Components | RCE / Security Bypass | > 165,000 |

Applying the official patches released by the React maintainers is the only definitive way to mitigate the risk. Until patches are applied, these 644,000 domains remain open doors for potential cyberattacks.
