China-Linked Hackers Rapidly Exploit React2Shell Server Vulnerability

Chinese-linked groups Earth Lamia and Jackpot Panda exploited a critical React vulnerability (CVE-2025-55182) within hours of its December 3, 2025 disclosure, enabling unauthenticated remote code execution. AWS detected attacks via its MadPot honeypots and patches were issued for React 19.0.1, 19.1.2, and 19.2.1; the incident underscores urgent patching needs and risks to web applications and critical infrastructure.
Key Points
- 1Observed exploitation: Earth Lamia and Jackpot Panda targeted CVE-2025-55182 within hours of disclosure
- 2Demonstrates severity: unauthenticated remote code execution (CVSS 10.0) risks pervasive backdoors and data compromise
- 3Recommend immediate action: patch React 19.x, deploy honeypots, and strengthen server-side monitoring and detections
Scoring Rationale
High urgency with official AWS telemetry and critical CVSS 10.0; limited long-term strategic analysis beyond immediate mitigation.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

