Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
76.01%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 12 Posts
  • 8 Interactions

Last activity: Last hour

Fediverse

[hack cvss 10.0]
If you use React Server Components / Next.js

Read this:
- "CERT-FR is aware of multiple exploitations of the vulnerability CVE-2025-55182. Servers running a vulnerable version that were exposed after the publication of the public proofs of concept on 5 December 2025 must be considered compromised."
cert.ssi.gouv.fr/alerte/CERTFR
- medium.com/@cdcore/react-got-h

  • 5
  • 0
  • 0
  • 5h ago
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide hackread.com/react2shell-vulne

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

https://zenn.dev/divsawa/articles/20251214_nextjs-incident Information on the React Server Components (RSC) vulnerability. React has officially disclosed RCE (remote code execution) vulnerabilities including CVE-2025-55182. You need to run `npx fix-react2shell-next` in the project root, check the version, then rebuild and redeploy.
  • 1
  • 0
  • 0
  • 9h ago
NTT's Kazuya Nomura analyses ZnDoor, a malware executed by exploiting React2Shell (CVE-2025-55182) in attacks against companies in Japan. jp.security.ntt/insights_res...
  • 0
  • 1
  • 0
  • 4h ago
⚠️ Crypto users: Hackers exploiting a React flaw (CVE-2025-55182) to steal funds! Update React ASAP. 🚨 SEAL reports rising attacks – beware fake pop-ups & verify all transactions! #crypto #blockchain #news
  • 0
  • 1
  • 0
  • Last hour
Specialists are warning of multiple attempts to exploit React2Shell. The US Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies in the country to apply the update for CVE-2025-55182. The reason is that mass attempts to exploit it have been registered…
  • 0
  • 0
  • 0
  • 21h ago
📌 Multiple Threat Actors Exploit Critical React2Shell Vulnerability (CVE-2025-55182) https://www.cyberhub.blog/article/16761-multiple-threat-actors-exploit-critical-react2shell-vulnerability-cve-2025-55182
  • 0
  • 0
  • 0
  • 18h ago
📌 Increase in Exploitation of CVE-2025-55182 (React2Shell) Vulnerability with WAF Bypass Techniques https://www.cyberhub.blog/article/16780-increase-in-exploitation-of-cve-2025-55182-react2shell-vulnerability-with-waf-bypass-techniques
  • 0
  • 0
  • 0
  • 6h ago
Critical Unauthenticated RCE in React: The React2Shell (CVE-2025-55182) Exploitation Epidemic + Video Introduction: CVE-2025-55182, dubbed "React2Shell," is a catastrophic vulnerability in React Server Components with a maximum CVSS score of 10.0. It allows unauthenticated attackers to execute…
  • 0
  • 0
  • 0
  • 6h ago
📌 Critical RCE Vulnerability in React Server Components (CVE-2025-55182) Sees Global Exploitation Surge https://www.cyberhub.blog/article/16787-critical-rce-vulnerability-in-react-server-components-cve-2025-55182-sees-global-exploitation-surge
  • 0
  • 0
  • 0
  • 2h ago
🚨 In this week’s newsletter, we revisit React2Shell (CVE-2025-55182) as exploitation surged from hundreds to over 10K daily attackers. Read the full analysis and protect your systems 👉 www.crowdsec.net/vulntracking... #React2Shell #CVE202555182 #threatalert #cybersecurity
  • 0
  • 0
  • 0
  • 2h ago
More React2Shell Exploits CVE-2025-55182 https://isc.sans.edu/diary/32572
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Google
  • Chrome

12 Dec 2025
Published
13 Dec 2025
Updated

CVSS
Pending
EPSS
6.22%

Description

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 4 Posts

Last activity: 2 hours ago

Fediverse

Huh, I somehow missed this CVE:
mastodon.social/@verbrecher/11
Thx to @verbrecher for the pointer

CVE-2025-14174 is related to this commit in the ANGLE repo:
github.com/google/angle/commit

For CVE-2025-43529 there's much less info.

  • 0
  • 0
  • 0
  • 16h ago
Apple fixes two zero-day flaws exploited in 'sophisticated' attacks
bleepingcomputer.com/news/secu

Apple has released emergency updates to patch two zero-day vulnerabilities
that were exploited in an “extremely sophisticated attack” targeting specific
individuals.

The zero-days are tracked as CVE-2025-43529 and CVE-2025-14174 and were both
issued in response to the same reported exploitation.

"Apple is aware of a report that this issue may have been exploited in an
extremely sophisticated attack against specific targeted individuals on
versions of iOS before iOS 26," reads Apple's security bulletin.

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

CISA adds one known exploited vulnerability to its catalog. CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Dec 12) CVE-2025-14174 Google Chromium out-of-bounds memory access vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 13h ago
Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) 📖 Read more: www.helpnetsecurity.com/2025/12/15/i... #cybersecurity #cybersecuritynews #securityupdate
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Sierra Wireless

06 May 2019
Published
13 Dec 2025
Updated

CVSS
Pending
EPSS
4.29%

Description

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
thehackernews.com/2025/12/cisa

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday
added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to
its Known Exploited Vulnerabilities (KEV) catalog, following reports of active
exploitation in the wild.

CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload
vulnerability that could be exploited to achieve remote code execution by
means of a malicious HTTP request.

"A specially crafted HTTP request can upload a file, resulting in executable
code being uploaded, and routable, to the webserver," the agency said. "An
attacker can make an authenticated HTTP request to trigger this
vulnerability."

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

CISA adds one known exploited vulnerability to its catalog. CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Dec 12) CVE-2018-4063 Sierra Wireless AirLink ALEOS unrestricted upload of file with dangerous type vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • ISC
  • BIND 9

22 Oct 2025
Published
04 Nov 2025
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.03%

KEV

Description

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Statistics

  • 1 Post
  • 10 Interactions

Last activity: 1 hour ago

Fediverse

Posted a fast demo cr.yp.to/2025/20251215-recover for CVE-2025-40780, where gitlab.isc.org/isc-projects/bi says it was "discovered during research for an upcoming academic paper" that BIND's ID RNG is predictable. The attack is easy; what's interesting is why such a poor RNG ended up deployed.

  • 6
  • 4
  • 0
  • 1h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts

Last activity: 2 hours ago

Fediverse

Huh, I somehow missed this CVE:
mastodon.social/@verbrecher/11
Thx to @verbrecher for the pointer

CVE-2025-14174 is related to this commit in the ANGLE repo:
github.com/google/angle/commit

For CVE-2025-43529 there's much less info.

  • 0
  • 0
  • 0
  • 16h ago
Apple fixes two zero-day flaws exploited in 'sophisticated' attacks
bleepingcomputer.com/news/secu

Apple has released emergency updates to patch two zero-day vulnerabilities
that were exploited in an “extremely sophisticated attack” targeting specific
individuals.

The zero-days are tracked as CVE-2025-43529 and CVE-2025-14174 and were both
issued in response to the same reported exploitation.

"Apple is aware of a report that this issue may have been exploited in an
extremely sophisticated attack against specific targeted individuals on
versions of iOS before iOS 26," reads Apple's security bulletin.

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) 📖 Read more: www.helpnetsecurity.com/2025/12/15/i... #cybersecurity #cybersecuritynews #securityupdate
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

12 Sep 2025
Published
11 Nov 2025
Updated

CVSS v3.1
HIGH (8.8)
EPSS
3.98%

Description

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 2 hours ago

Bluesky

A look at an Android ITW DNG exploit. Quram library exploit technical details (CVE-2025-21042) googleprojectzero.blogspot.com/2025/12/a-lo... #infosec
  • 0
  • 3
  • 0
  • 2h ago

Overview

  • WatchGuard
  • Fireware OS

17 Sep 2025
Published
14 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
74.37%

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3, and 2025.1.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Fediverse

1996 called—it wants its stack overflow back.

2025 firewall, pre-auth RCE via IKEv2, no canaries, no PIE, leaks its version in base64 like a name tag.

“First line of defense” popping RIP to DEADBEEF. 🔥 yIKEs.
labs.watchtowr.com/yikes-watch

  • 0
  • 1
  • 0
  • 13h ago

Overview

  • SourceCodester
  • Warehouse Management System

11 Apr 2024
Published
08 Aug 2024
Updated

CVSS v3.1
LOW (3.5)
EPSS
0.07%

KEV

Description

A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file supplier.php. The manipulation of the argument nama_supplier/alamat_supplier/notelp_supplier leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260270 is the identifier assigned to this vulnerability.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

📌 Notepad++ Path Traversal Vulnerability (CVE-2024-3613) Fixed in Version 8.6.9 https://www.cyberhub.blog/article/16776-notepad-path-traversal-vulnerability-cve-2024-3613-fixed-in-version-869
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • NXLog
  • NXLog Agent

14 Dec 2025
Published
14 Dec 2025
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.01%

KEV

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ HIGH severity: CVE-2025-67900 in NXLog Agent <6.11 lets local attackers alter OpenSSL configs via OPENSSL_CONF, risking confidentiality & integrity. Patch to 6.11+ & restrict local access! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Shiguangwu
  • sgwbox N3

15 Dec 2025
Published
15 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.15%

KEV

Description

A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/http_eshell_server of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🚨 CVE-2025-14706 (CRITICAL, CVSS 9.3): Shiguangwu sgwbox N3 v2.0.25 has an unpatched remote command injection in /usr/sbin/http_eshell_server. Public exploit, no vendor fix. Isolate, restrict, & monitor now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago
Showing 1 to 10 of 33 CVEs