China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
ID: 25a85a59-9bc4-56aa-a45b-9c30e345882a
STIX ID: report--25a85a59-9bc4-56aa-a45b-9c30e345882a
Feed Name: AWS Security Blog
Amazon observed rapid, in-the-wild exploitation attempts targeting CVE-2025-55182 (React2Shell), a critical (CVSS 10.0) unsafe deserialization RCE vulnerability in React Server Components that affects React 19.x and Next.js 15.x/16.x (App Router). Multiple China state-nexus clusters (including Earth Lamia and Jackpot Panda) and other unattributed actors weaponized public PoCs within hours of disclosure. AWS detected scanning and active exploitation via MadPot, published IOCs and host/network indicators, and recommended immediate patching plus interim WAF/Network Firewall protections and logging/forensic checks.
