Overview
- Researchers report at least 15 distinct intrusion clusters exploiting CVE-2025-55182 at scale, spanning commodity cryptominers and more targeted operations.
- Wiz telemetry indicates roughly 50% of known exposed systems remain unpatched, leaving a substantial attack window for automated campaigns.
- The React team released fixes for CVE-2025-55184 and CVE-2025-67779 (DoS) and for CVE-2025-55183 (source-code exposure), advising upgrades to 19.0.3, 19.1.4, and 19.2.3 after earlier patches proved incomplete.
- Shadowserver counts more than 137,200 internet-exposed IPs running vulnerable code, led by the U.S., Germany, France, and India.
- Cloudflare observed internet-wide reconnaissance that often excluded Chinese IP space and concentrated on regions including Taiwan, Xinjiang, Vietnam, Japan, and New Zealand. A public PoC and large target lists have accelerated mass probing and malware drops.