CROFAM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch the critical React2Shell vulnerability (CVE-2025-55182) by today, December 12, amid reports of widespread exploitation. The flaw, affecting React Server Components, allows attackers to execute malicious code on servers.