A widespread campaign is exploiting CVE-2025-55182, the vulnerability known as React2Shell, in Next.js applications, resulting in automated credential theft. Attackers use the flaw to gain unauthorized access to vulnerable apps and steal sensitive credentials. The campaign's scale and automated nature pose a significant threat to exposed applications. The disclosure of CVE-2025-55182 has expanded the active attack surface, making it crucial for organizations to assess their exposure and prioritize mitigation efforts based on exploitation evidence [1]. As attackers continue to exploit the vulnerability, the risk of credential theft and subsequent malicious activity increases. The campaign highlights the importance of timely patching and vulnerability management. For practitioners, what matters most is promptly evaluating and addressing their exposure to CVE-2025-55182 to prevent automated credential theft.