- Critical React2Shell bug now exploited by China-affiliated groups
- AWS reports global attacks on finance, logistics, retail, IT, academia and government, aimed at persistence and espionage
- Attackers are also exploiting the NUUO camera flaw; urgent patching is recommended
As experts predicted, cybercriminals are now actively exploiting the critical vulnerability in React Server Components (RSC), which was discovered late last week. What’s worse, the attackers exploiting the flaw appear to be working for the Chinese government.
Late last week, the React team published a security advisory detailing a pre-authentication bug affecting RSC in multiple versions of several packages. Affected are versions 19.0, 19.1.0, 19.1.1 and 19.2.0 of react-server-dom-webpack, react-server-dom-parcel and react-server-dom-turbopack. The bug, now called “React2Shell”, is tracked as CVE-2025-55182 and has a severity rating of 10/10 (Critical).
Since React is one of the most popular JavaScript libraries on the market and powers much of the current Internet, researchers warned that an exploit was imminent and urged everyone to apply the patch immediately and update their systems to versions 19.0.1, 19.1.2 and 19.2.1.
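To check whether a project still installs one of the affected releases, the lockfile can be scanned for the three packages and four versions named above. The following is an added example, not code from the React team or AWS; it assumes an npm `package-lock.json` with a `packages` map (lockfileVersion 2 or 3), reads "19.0" as npm version 19.0.0, and `findAffected` and `SAMPLE_LOCK` are hypothetical names.

```javascript
// Added example. Package names and version lists are the ones given in the article;
// "19.0" is read as npm version 19.0.0 (assumption).
const PACKAGES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);
const AFFECTED = new Set(["19.0.0", "19.1.0", "19.1.1", "19.2.0"]);
// Fixed release for each affected minor line, per the article.
const FIXED = { "19.0": "19.0.1", "19.1": "19.1.2", "19.2": "19.2.1" };

// Scan the text of a package-lock.json (lockfileVersion 2 or 3, "packages" map)
// and return one finding per installed copy of an affected package version.
function findAffected(lockfileText) {
  const lock = JSON.parse(lockfileText);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the package name is the
    // part after the last "node_modules/", so nested copies are caught too.
    const name = path.split("node_modules/").pop();
    if (!PACKAGES.has(name) || !meta || typeof meta.version !== "string") continue;
    if (!AFFECTED.has(meta.version)) continue;
    const minor = meta.version.split(".").slice(0, 2).join(".");
    findings.push({ path, name, version: meta.version, upgradeTo: FIXED[minor] });
  }
  return findings;
}

// Constructed sample lockfile (not real project data).
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/react": { version: "19.1.0" },
    "node_modules/react-server-dom-webpack": { version: "19.1.1" },
    "node_modules/some-framework/node_modules/react-server-dom-turbopack": { version: "19.2.0" },
    "node_modules/react-server-dom-parcel": { version: "19.2.1" },
  },
});

for (const f of findAffected(SAMPLE_LOCK)) {
  console.log(`${f.path}: ${f.name}@${f.version} is affected, upgrade to ${f.upgradeTo}`);
}
```

For a real project, pass the contents of its `package-lock.json` to `findAffected`; an empty result means none of the listed versions is installed according to that lockfile.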
How to defend yourself
Amazon Web Services (AWS) is now reporting that two China-affiliated groups, Earth Lamia and Jackpot Panda, have used this flaw to attack organizations in various industries:
“Our analysis of infrastructure exploitation attempts by the AWS MadPot honeypot identified activities that exploited IP addresses and infrastructure historically associated with known Chinese state threat actors,” said CJ Moses, CISO at Amazon Integrated Security, in a report shared with The Hacker News.
Targets are found all over the world, from Latin America to the Middle East and Southeast Asia. Financial service providers, logistics companies, retailers, IT companies, universities and government organizations are being attacked for the purposes of persistence and cyber espionage.
In addition to React2Shell, these two groups also exploit other vulnerabilities in their attacks, including the NUUO camera flaw (CVE-2025-1338).
React is used in almost two out of five cloud environments. It is trusted by Facebook, Instagram, Netflix, Airbnb, Shopify and other giants of today’s internet, as well as millions of other developers.
Via The Hacker News
