Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, security researchers observed active exploitation attempts from several China-nexus cyber threat groups, including Earth Lamia and Jackpot Panda. This critical unauthenticated remote code execution vulnerability affects React Server Components in React 19.x and Next.js 15.x and 16.x when the App Router is […]
The post CVE-2025-55182: Immediate Operationalization of React2Shell by China-Nexus Threat Actors appeared first on SecPod Blog.