At the end of 2025, Russian online resources faced a sharp increase in attacks on the web. The increase in attacker activity is related to the emergence in early December of a new critical React2Shell vulnerability, which allows attackers to gain server-side control of web resources. Gazeta.Ru was informed about this by the press service of the WMX company.
In December 2025, the company's service, WMX ProWAF, repelled approximately 130 million attacks. This is a third higher than the monthly average for the year. React2Shell, registered as CVE-2025-55182 and rated 10/10, was published on December 3, 2025.
By the end of the month, the number of attempts to exploit it had increased 20-fold, directly correlating with the record number of RCE attacks. RCE attacks are used to run arbitrary malicious code on the server and can result in complete control of web application data and functionality as well as further movement across the corporate network.
The most notable increase in such attacks in December was recorded in the financial, IT and telecommunications sectors. At the same time, IT companies face doubled threats.
