Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.