December 2025 brought a sharp rise in severe software flaws, with 22 critical vulnerabilities actively exploited and overall critical CVE volume up 120% from the prior month, according to Recorded Future. The threat intelligence firm said activity was led by React2Shell, tracked as CVE-2025-55182, which accounted for the largest share of observed exploitation tied to the month’s vulnerability activity.
Recorded Future’s monthly CVE review places React2Shell at the center of December’s threat picture, pointing to concentrated attacker interest in systems built on Meta’s React framework. The report does not just highlight disclosure volume; it focuses on exploitation, a more immediate signal for defenders deciding what to patch first. A spike in critical flaws paired with confirmed abuse suggests security teams faced a heavier-than-usual end-of-year remediation burden.
The practical impact is straightforward: organizations running internet-facing applications with vulnerable components had less margin for delay. When a single flaw dominates attacker attention, defenders often see faster scanning, broader opportunistic exploitation, and more pressure on patch validation cycles. For companies with distributed workforces, securing remote access paths and exposed web apps remains a priority, using standard controls such as segmentation, MFA, and, where appropriate, a VPN.
The December data also reinforces a broader lesson from recent vulnerability reporting: severity scores alone are not enough. Exploitation status and attacker focus matter more when triaging risk. If a flaw is being actively abused at scale, it can quickly outrank other critical issues that have not yet moved into widespread attack chains.
Recorded Future framed the month less as a one-off anomaly than as a warning about how quickly exploit attention can cluster around a high-value bug. For defenders, the takeaway is to prioritize known exploited vulnerabilities, validate exposure across web application stacks, and watch for follow-on advisories tied to React2Shell and the other 21 critical flaws highlighted in the December review.




