Overview
- CISA added CVE-2025-55182 to its Known Exploited Vulnerabilities catalog and required federal agencies to remediate by December 26 under BOD 22-01.
- Palo Alto Networks’ Unit 42 confirmed compromises at more than 30 organizations, with observed activity including credential theft, cryptomining, Cobalt Strike beacons, and deployments of SNOWLIGHT and VShell.
- AWS reported exploitation attempts within hours of disclosure by China-linked groups Earth Lamia and Jackpot Panda, with operators iterating on public exploits and manually debugging against targets.
- Exposure remains substantial: Shadowserver identified 77,664 vulnerable IP addresses, Wiz estimates that 39% of cloud environments contain susceptible instances, and Censys counts about 2.15 million potentially affected services.
- React released fixes in versions 19.0.1, 19.1.2, and 19.2.1 for affected server-side packages. Vendors stress that services must be upgraded, rebuilt, and redeployed, as interim WAF mitigations are not sufficient; Cloudflare’s emergency WAF change briefly caused a global outage.