Cybersecurity experts have warned that hackers are exploiting a recently discovered vulnerability in the popular JavaScript library React to secretly inject malware into legitimate websites, enabling theft of funds from users’ crypto wallets. According to the non-profit Security Alliance (SEAL), these attacks abuse a serious security flaw, identified as CVE-2025-55182, allowing unauthorized remote code modification without website owners’ knowledge. This vulnerability was disclosed in December following a report by white-hat researcher Lachlan Davidson. React, one of the most widely used front-end frameworks powering millions of web applications—including crypto platforms, DeFi apps, and NFT sites—is now being targeted to insert malicious code aimed at draining users’ wallets. SEAL has urged all website owners to immediately review their front-end code for suspicious activity. The threat extends beyond crypto and Web3 sites to any website using the affected React server components. Users on compromised sites may encounter fake permission or signature requests designed to steal funds, prompting advice for users to carefully scrutinize all authorization prompts. SEAL recommends scanning servers for CVE-2025-55182, inspecting scripts from unknown sources, and identifying obfuscated JavaScript code. Sudden phishing warnings from browsers or wallet applications may also signal potential compromise. The React team has released a patch and urged developers to promptly upgrade their applications, especially those utilizing React Server Components. Applications not employing server-side React code are not affected. This development serves as a critical reminder that cyber threats persist despite advanced technology use, making timely adoption of security measures essential.
Source: binance
