Malicious NGINX Configurations Enable Web Traffic Hijacking
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign targeting NGINX installations and management panels like Baota (BT). The campaign aims to route traffic through the attacker's infrastructure, compromising the security and integrity of the targeted websites.
The threat actors, associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation, have been observed using malicious NGINX configurations to hijack web traffic on a large scale. This vulnerability has a severe impact, with a CVSS score of 10.0, indicating a critical severity level.
- NGINX installations and management panels are vulnerable to malicious configurations.
- Threat actors are exploiting the React2Shell vulnerability (CVE-2025-55182) to hijack web traffic.
- The campaign aims to route traffic through the attacker's infrastructure, compromising website security and integrity.
Datadog Security Labs has observed and reported on this active campaign, highlighting the importance of monitoring and securing NGINX configurations and management panels. Website administrators and security teams must take immediate action to protect their infrastructure and prevent web traffic hijacking.
The quieter you become, the more you are able to hear.
Recent Comments
No comments on this post yet. Be the first to comment 🙂