{
  "name": "China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)",
  "slug": "china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182",
  "description": "Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components carries the maximum Common Vulnerability Scoring System (CVSS) score of 10.0 and affects React versions 19.x and Next.js versions 15.x and 16.x when the App Router is in use.",
  "published": "2025-12-05T16:57:24+00:00",
  "created_at": "2025-12-05T16:57:24+00:00",
  "modified_at": "2025-12-21T17:33:18+00:00",
  "created_at_opencti": "2025-12-05T16:57:24+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-12-05",
    "CVE-2025-1338",
    "CVE-2025-55182",
    "app router",
    "china-nexus",
    "earth lamia",
    "exploit",
    "jackpot panda",
    "next.js",
    "react server",
    "react2shell",
    "state-sponsored"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "143.198.92.82"
      },
      {
        "id": "",
        "name": "45.77.33.136"
      },
      {
        "id": "",
        "name": "206.237.3.150"
      },
      {
        "id": "",
        "name": "183.6.80.214"
      }
    ],
    "intrusion_sets": [
      {
        "id": "2e54fa39-e752-4f0a-9cce-777647d11a1f",
        "name": "China-nexus",
        "slug": "china-nexus"
      }
    ],
    "attack_patterns": [
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2025-55182"
      },
      {
        "id": "",
        "name": "CVE-2025-1338"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Education"
      },
      {
        "id": "",
        "name": "Transport"
      },
      {
        "id": "",
        "name": "Government and administrations"
      },
      {
        "id": "",
        "name": "Retail (distribution)"
      },
      {
        "id": "",
        "name": "Technologies"
      }
    ]
  },
  "external_refs": [
    "https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/",
    "https://otx.alienvault.com/pulse/69331d05a7d525a2c1cf508c"
  ]
}