CVE-2025-55182 (‘React2Shell’, CVSS 7.5, EPSS 98th percentile) affects React Server Components in React/Next.js deployments and was actively exploited by TeamPCP and multiple other China-nexus threat actors in December 2025 as part of a cloud-native infrastructure compromise campaign. The vulnerability enables server-side code execution and was chained with cloud misconfigurations to build self-propagating criminal infrastructure used for ransomware deployment, cryptomining, and data exfiltration. Organizations with internet-exposed React/Next.js deployments using Server Components should patch immediately and restrict public access to affected RSC endpoints at the network layer as an interim control.