Overview
- AWS reports that Earth Lamia and Jackpot Panda began attempting exploitation within hours of disclosure, with active scanning observed through its MadPot honeypots.
- Shadowserver counted over 77,000 vulnerable IPs, while Censys identified about 2.15 million potentially affected internet-facing instances across frameworks such as Next.js, Waku, React Router and Redwood.
- Palo Alto Networks recorded more than 30 organizations compromised as of December 6, indicating successful intrusions tied to this vulnerability.
- React issued fixes in versions 19.0.1, 19.1.2 and 19.2.1; Vercel released patched Next.js versions 15.0.5, 15.1.9 and 16.0.7; and CISA added CVE-2025-55182 to its Known Exploited Vulnerabilities catalog.
- Security teams warn that public proofs-of-concept are proliferating, with AWS and JFrog noting many are flawed or malicious and that noisy attempts can mask real breaches.