China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
Essential information
- Published
- 05/12/2025 17:57
- Modified
- 21/12/2025 18:33
- Tags
- 2025-12-05 CVE-2025-1338 CVE-2025-55182 app router china-nexus earth lamia exploit jackpot panda next.js react server react2shell state-sponsored
- Related entities
- 2 vulnerabilities (cve), 4 observables, 1 intrusion sets (apt), 1 techniques (mitre), 6 others
Description
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components has a maximum Common Vulnerability Scoring System (CVSS) score of 10.0 and affects React versions 19.x and Next.js versions 15.x and 16.x when using App Router.