CVE-2025-55182 (React2Shell, CVSS 9.5) is under active, automated exploitation by threat cluster UAT-10608, with 766 confirmed compromises in a single 24-hour window. The vulnerability enables unauthenticated remote code execution via shell injection in Next.js React Server Components, directly exposing cloud and CI/CD credentials (AWS, GCP, Azure, Kubernetes, GitHub, GitLab). Immediate action is required: apply the Next.js patch per the official security advisory, rotate all server-side credentials without delay, and implement WAF controls blocking RSC endpoints until patching is confirmed.