Overview
- CISA added CVE-2025-55182 to its Known Exploited Vulnerabilities list and set a December 12 patch deadline for federal agencies as real‑world attacks continue.
- Wiz reports at least 15 active intrusion clusters and estimates roughly half of internet‑facing vulnerable instances remain unpatched.
- React disclosed CVE-2025-55184 and CVE-2025-67779 for pre‑auth denial of service and CVE-2025-55183 for source‑code exposure, urging updates to 19.0.3, 19.1.4, or 19.2.3 with rebuilds and redeploys.
- Telemetry shows scale and targeting: Shadowserver counted over 137,000 exposed IPs, Kaspersky recorded 35,000 exploitation attempts in a single day, and Cloudflare observed probing concentrated in parts of Asia and select government and critical‑infrastructure networks.
- Evidence of automation includes a public PoC and open target lists, and Google’s Threat Intelligence team issued a critical alert with mitigation and threat‑hunting guidance.