Ethical Hacking News
A newly disclosed React2Shell vulnerability has been exploited globally by Chinese hackers. The critical flaw allows unauthenticated remote code execution, posing significant risks to global cyber security. Organizations with systems affected by this vulnerability are urged to take immediate action to patch and secure their environments.
Chinese hackers have started exploiting the React2Shell vulnerability (CVE-2025-55182), allowing unauthenticated remote code execution. Two hacking groups, Earth Lamia and Jackpot Panda, linked to Chinese state-nexus threats, are weaponizing the vulnerability. The impact of this vulnerability is severe, with sectors across multiple regions targeted by threat actors. Organizations must patch and secure their React-based applications immediately to mitigate risk. State-sponsored actors pose a significant threat in the cyber warfare landscape, highlighting the need for vigilance and cooperation.
In a recent revelation that has sent shockwaves through the cybersecurity community, it has been discovered that Chinese hackers have started exploiting the newly disclosed React2Shell vulnerability. This critical flaw, which was publicly disclosed in a matter of hours, allows unauthenticated remote code execution and has been dubbed CVE-2025-55182.
The discovery of this vulnerability is particularly concerning given its severity and potential impact on global cyber security. According to Amazon Web Services (AWS), two hacking groups with ties to China have been observed weaponizing the React2Shell vulnerability within hours of it becoming public knowledge. These threat actors, known as Earth Lamia and Jackpot Panda, are believed to be linked to Chinese state-nexus threats.
The impact of this vulnerability cannot be overstated. According to Amazon's analysis of exploitation attempts in its MadPot honeypot infrastructure, these threat actors have targeted sectors across financial services, logistics, retail, IT companies, universities, and government organizations across Latin America, the Middle East, and Southeast Asia. This indicates a broad and systematic approach to exploiting this vulnerability for malicious gain.
The React2Shell vulnerability allows attackers to execute arbitrary code remotely, giving them unprecedented access to systems and data. As such, it is crucial that organizations with systems affected by this vulnerability take immediate action to patch and secure their environments.
Amazon has detected threat actors attempting to exploit multiple vulnerabilities simultaneously, including a vulnerability in NUUO Camera (CVE-2025-1338). This suggests that the attackers are proactively scanning the internet for unpatched systems, further exacerbating the urgency of this situation.
To mitigate this risk, organizations should prioritize patching their React-based applications as soon as possible. Additionally, they should implement robust security measures to prevent unauthorized access and data breaches.
It is also worth noting that this vulnerability highlights the ongoing threat posed by state-sponsored actors in the cyber warfare landscape. As such, it underscores the importance of vigilance and cooperation between governments, organizations, and cybersecurity professionals in combating these threats.
Related Information:
https://www.ethicalhackingnews.com/articles/New-React2Shell-Vulnerability-Exposed-A-Global-Threat-to-Cybersecurity-ehn.shtml
https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html
https://nvd.nist.gov/vuln/detail/CVE-2025-55182
https://www.cvedetails.com/cve/CVE-2025-55182/
https://nvd.nist.gov/vuln/detail/CVE-2025-1338
https://www.cvedetails.com/cve/CVE-2025-1338/
https://www.bleepingcomputer.com/news/security/react2shell-critical-flaw-actively-exploited-in-china-linked-attacks/
https://www.fortiguard.com/outbreak-alert/earth-lamia-apt-attack
https://gbhackers.com/earth-lamia-hackers-exploits-vulnerabilities/
https://attack.mitre.org/groups/G0096/
Published: Fri Dec 5 09:26:49 2025 by llama3.2 3B Q4_K_M
