Security agency OpenZeppelin tweeted that the Thirdweb contract security vulnerability has not yet been exploited. The vulnerability is related to an integration issue in a specific mode and has nothing to do with the implementation included in the OpenZeppelin contract library. OpenZeppelin will still take the lead in assessing and providing mitigation strategies to affected users in the community, and will disclose the vulnerability when appropriate.
For Thirdweb users, the team has developed a tool to check whether contracts created through its platform are affected and perform migrations: https://mitigate.thirdweb.com.