Chinese Hackers Exploit Newly Disclosed React2Shell Vulnerability
Two hacking groups connected to China are exploiting a newly disclosed vulnerability, identified as CVE-2025-55182, also known as React2Shell. This flaw, which allows unauthenticated remote code execution, received a CVSS score of 10.0. Within mere hours of its announcement, these groups began attempts to weaponize the vulnerability.
Vulnerability Details
The React2Shell vulnerability affects React Server Components and has been fixed in versions 19.0.1, 19.1.2, and 19.2.1. According to a report from Amazon Web Services (AWS), the hacking groups Earth Lamia and Jackpot Panda are involved in these exploitation attempts, with activity traced to known Chinese state-linked infrastructure.
Hacking Groups Involved
- Earth Lamia: This group has previously targeted sectors such as financial services, logistics, and government organizations across regions including Latin America and the Middle East.
- Jackpot Panda: Active since at least 2020, this group has focused on online gambling entities in East and Southeast Asia.
CrowdStrike has reported that Jackpot Panda attempted to deploy malicious implants using compromised third-party relationships, notably in the supply chain attack involving the chat application Comm100 in September 2022.
Exploitation Activities
AWS’s CJ Moses has highlighted the systematic approach used by these threat actors. They monitor vulnerability disclosures and quickly adapt public exploits into their operational frameworks. Recent activities have involved running discovery commands and accessing sensitive files.
Impact and Broader Campaigns
In addition to React2Shell, AWS identified attempts to exploit other vulnerabilities, particularly the NUUO Camera vulnerability (CVE-2025-1338, CVSS score: 7.3), showcasing a broader strategy aimed at scanning for unpatched systems.
Cloudflare’s Response
Coinciding with these events, Cloudflare experienced a temporary outage, resulting in numerous services returning a “500 Internal Server Error.” The web infrastructure provider clarified that this disruption was due to a system change intended to mitigate the React2Shell vulnerability and not the result of an attack.
The ongoing threats posed by these hacking groups underscore the importance of prompt security updates for software vulnerabilities, such as React2Shell. Companies are urged to remain vigilant and apply the latest patches to mitigate risks of exploitation.