React2Shell Vulnerability Exploited by China-Linked Hackers
The React2Shell vulnerability, identified as CVE-2025-55182, is currently being exploited by threat actors linked to Chinese state interests. This critical vulnerability, with a CVSS v3.1 score of 10, affects React Server Components versions 19.0.0 to 19.2.0. Amazon Web Services (AWS) has confirmed that groups such as Earth Lamia and Jackpot Panda are actively exploiting this flaw. These groups are known for targeting sectors like financial services, logistics, and government organizations across various regions. Over 2.15 million internet-facing services are potentially affected, with several proof-of-concept exploits already in circulation. The vulnerability allows for pre-authentication remote code execution, posing a significant threat to affected systems. 
