React2Shell Vulnerability Exploited by Chinese Hackers
Full Transcript
Chinese hacking groups, Earth Lamia and Jackpot Panda, have begun exploiting the React2Shell vulnerability, also known as CVE-2025-55182, shortly after its public disclosure. This vulnerability, rated with a maximum CVSS score of 10.0, allows for unauthenticated remote code execution.
The flaw has been patched in React versions 19.0.1, 19.1.2, and 19.2.1. According to a report from Amazon Web Services, exploitation attempts were identified using their AWS MadPot honeypot infrastructure, linking the activity to IP addresses associated with these China-nexus threat actors.
Earth Lamia has previously targeted various sectors including financial services, logistics, and government organizations across regions such as Latin America, the Middle East, and Southeast Asia. Jackpot Panda, active since at least 2020, has focused on online gambling operations in East and Southeast Asia.
AWS also reported that threat actors are exploiting other vulnerabilities, including CVE-2025-1338 (CVSS score 7.3), which indicates a coordinated effort to scan for unpatched systems. The exploitation activity included running discovery commands, writing files, and reading sensitive information, showing a systematic approach to capitalizing on new vulnerabilities.
In a related development, Cloudflare experienced an outage due to a change made to mitigate the React2Shell vulnerability, which caused websites to return a '500 Internal Server Error' message. This incident underscores the urgency for organizations to patch vulnerabilities and enhance their security protocols to counter the rapid exploitation by threat actors.