Chinese Hackers Exploit Critical React2Shell Vulnerability (CVE-2025-55182)

Chinese Hackers Exploit Critical React2Shell Vulnerability (CVE-2025-55182)

Two China-linked hacking groups, Earth Lamia and Jackpot Panda, have exploited the newly disclosed React2Shell vulnerability (CVE-2025-55182) within hours of its public disclosure. The flaw allows unauthenticated remote code execution and has a CVSS score of 10.0.

Why This Matters

The technical reality of vulnerability exploitation starkly contrasts with ideal models of immediate patching. Attackers often act within hours of disclosure, leveraging unpatched systems before defenders can respond. AWS reports that threat actors are scanning for multiple unpatched vulnerabilities simultaneously, including CVE-2025-55182 and CVE-2025-1338, demonstrating a systematic approach to maximize exploitation opportunities. The scale of impact is vast, with targets spanning financial services, logistics, and government sectors across multiple regions.

Key Insights

• “CVE-2025-55182 (CVSS 10.0) patched in React 19.0.1, 19.1.2, 19.2.1”: AWS report, 2025
• “Systematic exploitation of N-day flaws alongside new vulnerabilities”: Amazon CISO CJ Moses, 2025
• “Cloudflare’s React2Shell patch triggered global 500 errors”: Cloudflare statement, 2025

Practical Applications

• Use Case: Financial institutions and logistics firms targeted by Earth Lamia for infrastructure compromise.
• Pitfall: Delaying patch deployment leaves systems exposed to rapid exploitation, as seen with CVE-2025-55182.

References:

• https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html