React2Shell Chaos: Chinese Hackers Exploit Critical React Vulnerability for Cyber Mischief
Chinese threat groups are exploiting React2Shell like it’s a Black Friday sale on vulnerabilities. This newly disclosed bug, CVE-2025-55182, is the latest hot-ticket item, allowing hackers to execute code remotely on systems using React 19. Google’s watching as malware flies off the shelves, courtesy of Earth Lamia and Jackpot Panda.

Hot Take:
React2Shell sounds like a hip new dance move, but the only ones grooving are cybercriminals exploiting this vulnerability. Our new dance partners include five China-linked threat groups who have taken to the digital dance floor faster than you can say “unauthenticated remote code execution.” It’s like a cybersecurity version of Dancing with the Stars, except the stars are malicious and the judges are probably crying.

Key Points:
- Google observed five China-linked threat groups exploiting the React2Shell vulnerability.
- React2Shell impacts systems using React version 19 and can lead to remote code execution.
- Threat actors include groups with catchy names like Earth Lamia, Jackpot Panda, and UNC6600.
- Additional React vulnerabilities have been disclosed, with varying severity levels.
- Attacks are not limited to Chinese groups; Iran-linked threat actors are also getting in on the action.
