CISA Mandates Patching for Critical React2Shell Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability, identified as React2Shell, to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken in response to verifiable evidence that the security flaw is being actively exploited by malicious actors in the wild. The inclusion in the KEV catalog serves as an official confirmation of the ongoing threat posed by this vulnerability.
The addition of React2Shell to the catalog underscores the severity of the flaw. Organizations are strongly advised to remediate this vulnerability to prevent compromise. Active exploitation means threat actors have already developed working methods to abuse this weakness and are using them against affected systems.
Binding Directive for Federal Agencies
By adding the React2Shell flaw to the KEV catalog, CISA has issued a Binding Operational Directive (BOD) to all Federal Civilian Executive Branch (FCEB) agencies. This directive mandates that these agencies apply the necessary patches or mitigations by a specified deadline. The purpose of the KEV catalog is to prioritize the remediation of vulnerabilities that pose a significant and immediate risk to the federal enterprise.
While the directive is mandatory for federal agencies, CISA recommends that all organizations, including those in the private sector and state or local governments, review the KEV catalog. Prioritizing the remediation of this actively exploited vulnerability is a critical step in strengthening an organization’s security posture against current cyber threats.
Source: https://thehackernews.com/2025/12/critical-react2shell-flaw-added-to-cisa.html