Overview
- AWS reports Earth Lamia and Jackpot Panda, both tied to Chinese state interests, began targeting CVE-2025-55182 within hours of disclosure.
- Internet scans highlight the scope of exposure, with Censys identifying about 2.15 million potentially affected services and Shadowserver tracking over 77,000 vulnerable IPs.
- Palo Alto Networks has confirmed more than 30 organizations compromised as of December 6, indicating real-world impact beyond scanning.
- Public proof-of-concept code has proliferated, including flawed or malicious PoCs that fuel automated attacks, lower the barrier to entry, and add log noise that can mask targeted intrusions.
- React issued fixes on December 3 (versions 19.0.1, 19.1.2, 19.2.1); providers deployed temporary WAF rules, Cloudflare reported network failures linked to mitigation changes, and CISA added the bug to its Known Exploited Vulnerabilities catalog.