Code Defence Cyber security

China-Linked Hackers Weaponize Critical “React2Shell” Flaw (CVE-2025-55182)

Within hours of the flaw's disclosure, Chinese state-linked threat actors (tracked as “Earth Lamia” and “Jackpot Panda”) were observed actively weaponizing the critical “React2Shell” vulnerability (CVE-2025-55182, CVSS 10.0). The flaw allows unauthenticated remote code execution in React Server Components.

Business Impact

This is a rapid escalation. Nation-state actors are using this “maximum severity” flaw to establish persistent footholds in corporate web infrastructure. Any unpatched React or Next.js application facing the internet is at immediate risk of full server compromise and data exfiltration.

Why It Happened

Sophisticated APT groups monitor vulnerability disclosures closely. The React2Shell flaw provides a rare, unauthenticated entry point into modern web stacks, making it a high-value target for espionage and pre-positioning.

Recommended Executive Action

Direct your engineering teams to verify immediately that React is updated to version 19.0.1+. If patching cannot be done right away, deploy WAF rules to block malicious HTTP payloads targeting React Server Functions. Assume compromise if patching was delayed.

Hashtags: #React2Shell #China #APT #Vulnerability #RCE #WebSecurity #PatchNow #InfoSec #CVE
