
Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
06 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
27.19%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 46 Posts
  • 45 Interactions

Last activity: 1 hour ago

Fediverse


Pretty much every site on our network has been scanned and attempted to be exploited so far for CVE-2025-55182 (React2Shell)

If you didn't patch over the weekend, it might be safe to consider it compromised.

First attempt I see on the logs was on:

2025-12-03 21:00:24 18.182.x.z 403 "POST /_next/static/chunks/react-flight HTTP/1.1" "-" "Mozilla/5.0 (CVE-2025-55182 PoC)"

Before most people were even aware of it.

  • 3
  • 0
  • 0
  • 10h ago

New telemetry from AWS shows exploit attempts against React2Shell (CVE-2025-55182, CVSS 10) starting within hours of disclosure, coming from infrastructure associated with two long-tracked China-linked clusters. Activity includes discovery commands, file writes, and probing other N-days.

Cloudflare’s brief outage during mitigations further highlights how fast large platforms now respond to critical RCEs.

Source: bleepingcomputer.com/news/secu

💬 How do we realistically defend against same-day exploitation?
👍 Follow us for more detailed cyber reports.

  • 2
  • 1
  • 0
  • 17h ago

Attacks exploiting CVE-2025-55182 (Next.js) have finally reached the level where they can be carried out automatically by an extension.

It's not "Exec", you know.

  • 2
  • 0
  • 0
  • 2h ago

For those trying to determine React2Shell exposure: a reminder that Nuclei exists and this is the perfect use case.
docs.projectdiscovery.io/opens

Test is in the templates repo: github.com/projectdiscovery/nu

  • 1
  • 5
  • 0
  • 5h ago

~290 unique IPs now for React2Shell opportunistic activity.

These persistent IPs:

- 45[.]61[.]157[.]12
- 144[.]31[.]5[.]11
- 174[.]138[.]2[.]203
- 95[.]214[.]52[.]170
- 192[.]159[.]99[.]95
- 149[.]50[.]96[.]133

are responsible for ~78% (~218K) total React2Shell sessions we've seen since the start.

Moar charts/tables here: rud.is/r2s/r2s.html / viz.greynoise.io/tags/react-se

  • 1
  • 2
  • 0
  • 22h ago

🚨 In this week’s Threat Alert article, we’re tracking the explosive rise of React2Shell (CVE-2025-55182) attacks. The CrowdSec Network has observed 15,725+ signals in 4 days, a single-day peak of 8,925, and 381 unique IPs already weaponizing the flaw.

Read the full analysis and protect your systems 👉 crowdsec.net/vulntracking-repo

  • 1
  • 1
  • 1
  • 12h ago

Remember when we learned to carefully filter user input, especially before executing that input, and ESPECIALLY when we also learned that deserializing an object from user input had BETTER not have a dangerous constructor? In like 2002?

THAT WAS COOL.

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 3
  • 0
  • 6h ago

@jssfr AFAIK, the affected packages are react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack → cve.org/CVERecord?id=CVE-2025-

AFAIK, Mastodon doesn't depend on these packages → github.com/mastodon/mastodon/b

cc @renchap

  • 0
  • 1
  • 0
  • 11h ago

At least 2 state actors are exploiting a recently disclosed vulnerability in the React framework's server components.

..began a few hours after the vulnerability, CVE-2025-55182 called React2Shell, from last Wednesday

.. the attackers used anonymizing proxy servers and exploited other vulnerabilities. The attacks used private exploits
github.com/lachlan2k/React2She

React2Shell has an enormous impact. According to the 2025 Stack Overflow developer survey, more than ½ of web developers use React
survey.stackoverflow.co/2025/t

  • 0
  • 0
  • 0
  • 20h ago

Researchers have identified over 30 organizations affected by the React2Shell vulnerability (CVE-2025-55182), which is being exploited by an initial access broker linked to China's Ministry of State Security (MSS). The attacks involve stealing credentials and installing malware, with widespread scanning for the critical vulnerability observed globally.
therecord.media/researchers-tr

  • 0
  • 0
  • 0
  • 11h ago

Two Chinese APTs, Earth Lamia and Jackpot Panda, are actively exploiting the React2Shell vulnerability (CVE-2025-55182) in React's server components, with attacks beginning within hours of its disclosure. This critical vulnerability, rated 10/10, impacts the deserialization process and allows attackers to execute malicious commands without authentication, posing a significant risk due to React's widespread use in web development.
risky.biz/risky-bulletin-apts-

  • 0
  • 0
  • 0
  • 11h ago

🚨 React2Shell (CVE‑2025‑55182) in‑the‑wild exploitation & deep‑dive analysis. Critical RCE across React 19, Next.js & all RSC frameworks. Patch now.
wiz.io/blog/nextjs-cve-2025-55

  • 0
  • 0
  • 0
  • 10h ago

CVE-2025-55182: real shit
sees myself still using react 18 due to issues: I sleep

#thisshitissoass #security #react

  • 0
  • 0
  • 0
  • 1h ago

React Developers: There is a serious vulnerability in React and Next.JS (CVE-2025-55182 / CVE-2025-66478). It affects those using React for the BACKEND (RSC and React Server Functions). It is similar in damage and exploit to log4j. Please upgrade asap.

twp.ai/4isUGk

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

Like others we are seeing attacks attempting to exploit React CVE-2025-55182 at scale, incl. botnet related activity. How successful have these attacks been? You can get a view here, where we track compromised host with Next.js attacking our sensors: dashboard.shadowserver.org/statistics/h...
  • 6
  • 8
  • 0
  • 16h ago
React2Shell (CVE-2025-55182, CVSS 10) is already seeing broad exploit attempts shortly after disclosure. AWS reports scanning, discovery commands, and efforts tied to long-tracked China-associated clusters... #React2Shell #CyberSecurity #ThreatIntel #InfoSec #AppSec #WebSecurity
  • 1
  • 1
  • 0
  • 17h ago
Finally I got an RCE in live website on #CVE-2025-55182 #rce #BugBounty #reactjs #nextjs join my telegram t.me/mr0rh
  • 0
  • 4
  • 0
  • 12h ago
🚨 React2Shell is here. 🚨 CVE-2025-55182 enables unauthenticated RCE in React & Next.js apps. Exploitation is real. Outages already happened. Read the full breakdown 👇 basefortify.eu/posts/2025/1... and consult our #AI assistant and Q & A #React2Shell #CVE #WebSecurity #CyberSecurity 🔥🔐
  • 0
  • 2
  • 0
  • 16h ago
The React RCE Timebomb: How CVE‑2025‑55182 Lets Hackers Hijack Your Server Components Introduction: A critical vulnerability in React's Server Components infrastructure has sent shockwaves through the web development community. Designated CVE-2025-55182, this flaw enables unauthenticated Remote…
  • 0
  • 0
  • 0
  • 23h ago
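A summary by 夜行性インコ. It was unusually published during the daytime, which I think tells you how bad the vulnerability is… Respond early!!: A summary of the React Server Components vulnerability CVE-2025-55182 (React2Shell). - piyolog https://piyolog.hatenadiary.jp/entry/2025/12/08/113316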
  • 0
  • 0
  • 0
  • 23h ago
Ouch…: Cloudflare outage was caused by mitigations for React2Shell (CVE-2025-55182) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/42920/
  • 0
  • 0
  • 1
  • 22h ago
The latest update for #Indusface includes "React2Shell(CVE-2025-55182): Critical RCE Vulnerability in React Server Components and Next.js". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 22h ago
React2Shell Exposed: How a Single CVE-2025-55182 Flaw Could Be Your Next Log4j-Scale Nightmare Introduction: A critical vulnerability in React Server Components (RSC), dubbed "React2Shell" (CVE-2025-55182), has emerged, posing a severe remote code execution (RCE) threat to modern Next.js and…
  • 0
  • 0
  • 0
  • 22h ago
A summary of the React Server Components vulnerability CVE-2025-55182 (React2Shell). - piyolog https://piyolog.hatenadiary.jp/entry/2025/12/08/113316
  • 0
  • 0
  • 2
  • 20h ago
CVE-2025-55182: Explanation and full RCE PoC for CVE-2025-55182
  • 0
  • 0
  • 0
  • 18h ago
Critical React Zero-Day “React2Shell” Exploited in Wild: Your Complete Survival Guide to CVE-2025-55182 Introduction: A critical, maximum-severity Remote Code Execution (RCE) vulnerability, CVE-2025-55182 (dubbed React2Shell), is now being actively weaponized in attacks against React and Next.js…
  • 0
  • 0
  • 0
  • 17h ago
📌 CISA Adds Critical Meta React Server Components RCE Flaw (CVE-2025-55182) to KEV Catalog https://www.cyberhub.blog/article/16499-cisa-adds-critical-meta-react-server-components-rce-flaw-cve-2025-55182-to-kev-catalog
  • 0
  • 0
  • 0
  • 15h ago
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | aws.amazon.com/blogs/securi... @awscloud.bsky.social
  • 0
  • 0
  • 0
  • 14h ago
React2Shell (CVE-2025-55182): Critical React Vulnerability | Wiz Blog www.wiz.io/blog/critica...
  • 0
  • 0
  • 0
  • 11h ago
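The response to React2Shell (CVE-2025-55182), the vulnerability disclosed last week, is under way. Compromises have already been confirmed at more than 30 organizations. This activity has been attributed to an initial access broker linked to China's Ministry of State Security (MSS). therecord.media/researchers-...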
  • 0
  • 0
  • 0
  • 10h ago
~Zscaler~ A critical RCE vulnerability (CVE-2025-55182, CVSS 10.0) in React Server Components allows unauthenticated code execution. - IOCs: CVE-2025-55182 - #CVE202555182 #RCE #React2Shell #ThreatIntel
  • 0
  • 0
  • 0
  • 7h ago
📣 Within hours of disclosure, threat actors began probing and exploiting #React2Shell (CVE-2025-55182), and the #CVE has now been added to CISA’s KEV catalog. If you run React Server Components, Next.js, or dependent frameworks, patch immediately. More details: buff.ly/PPd3QsF #AppSec
  • 0
  • 0
  • 0
  • 6h ago
📢 Critical React2Shell flaw (CVE-2025-55182) massively exploited: 77,000 IPs exposed, 30+ organizations compromi…📝 … https://cyberveille.ch/posts/2025-12-08-faille-critique-react2shell-cve-2025-55182-massivement-exploitee-77-000-ip-exposees-30-organisations-compromises/ #APT_chinois #Cyberveil…
  • 0
  • 0
  • 0
  • 5h ago
📢 Lightning-fast exploitation of React2Shell (CVE-2025-55182) targeting React/Next.js by China-linked groups 📝 Source: cyble.c… https://cyberveille.ch/posts/2025-12-08-exploitation-eclair-de-react2shell-cve-2025-55182-ciblant-react-next-js-par-des-groupes-lies-a-la-chine/ #CVE_2025_55182 #Cyberveille
  • 0
  • 0
  • 0
  • 4h ago
“Within 24 hours of CVE-2025-55182 being disclosed .. multiple threat actors linked to China attempting to exploit the bug – .. same time frame that saw the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) release its own warning.” www.cyberdaily.au/security/129...
  • 0
  • 0
  • 0
  • 3h ago
What is React2Shell (CVE-2025-55182)? A vulnerability that hits React Server Components/Next.js directly rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 0
  • 0
  • 0
  • 2h ago
The latest update for #Harness includes "DBA vs Developer Dynamics: Bridging the Gap with Database #DevOps" and "Protect Against Critical Unauthenticated RCE in React & Next.js (CVE-2025-55182) with Traceable WAF". #CICD #AI https://opsmtrs.com/4hhDUoO
  • 0
  • 0
  • 0
  • 1h ago
The latest update for #CyCognito includes "Emerging Threat: CVE-2025-55182 (React2Shell) – React Server Components RCE Vulnerability" and "Emerging Threat: CVE-2025-41115 – Critical SCIM Privilege Escalation in Grafana Enterprise". #cybersecurity #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 22h ago
React2shell Nightmare: How a CVSS 100 Bug Is Compromising Thousands of Sites (And How to Stop It) Introduction: A pair of critical vulnerabilities dubbed "React2shell" (CVE-2025-55182 and CVE-2025-66478) is actively compromising websites globally, with a CVSS 3.x score of 10.0 indicating maximum…
  • 0
  • 0
  • 0
  • 18h ago
The latest update for #Sentrium includes "React and Next.js unauthenticated remote code execution (CVE-2025-55182, CVE-2025-66478)" and "How to measure the ROI of #penetrationtesting and cyber security investments". #Cybersecurity #PenTesting #infosec https://opsmtrs.com/3aPKkxS
  • 0
  • 0
  • 0
  • 1h ago
The latest update for #Wallarm includes "Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)". #cybersecurity #APISecurity #AppSec https://opsmtrs.com/453oM6P
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Sneeit
  • Sneeit Framework

25 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.34%

KEV

Description

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

A critical RCE flaw in the #Sneeit WordPress plugin (CVE-2025-6389) is being actively exploited, according to #Wordfence. Version 8.4 (August 2025) fixes this bug, which affects more than 1,700 sites. ⚠️🔒 #CyberSecurity #IA2025 #InnovationIA https://kntn.ly/9a1cbfa5
  • 0
  • 1
  • 0
  • 16h ago
A remote code execution vulnerability (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being actively exploited since November 24, 2025. […]
  • 0
  • 0
  • 0
  • 17h ago
The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August 5, 2025. The plugin has more than 1,700 active installations.
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Apache Software Foundation
  • Apache Tika core
  • org.apache.tika:tika-core

04 Dec 2025
Published
05 Dec 2025
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

Statistics

  • 3 Posts
  • 7 Interactions

Last activity: 5 hours ago

Fediverse


🚨CVE-2025-66516: Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.

Scanner: github.com/Ashwesker/Blackash-

CVSS: 10
Vendor/Product: Apache Tika

Affected modules:

▪️Apache Tika Core: org.apache.tika:tika-core versions 1.13 through 3.2.1
▪️Apache Tika Parsers: org.apache.tika:tika-parsers versions 1.13 before 2.0.0. In 1.x releases, the PDFParser was bundled in this module.
▪️Apache Tika PDF Parser Module: org.apache.tika:tika-parser-pdf-module versions 2.0.0 through 3.2.1

Advisory: lists.apache.org/thread/s5x3k9

  • 0
  • 0
  • 0
  • 5h ago

Defer to @todb on this as CVE expert(tm) but shouldn't CVE-2025-66516 have been an update of CVE-2025-54988? It's the same vulnerability.

lists.apache.org/thread/s5x3k9

  • 2
  • 5
  • 0
  • 20h ago

Bluesky

Apache Tika: a vulnerability that allows XXE injection to be triggered using a PDF file containing XFA. CVE-2025-66516 CVSS 10.0 Critical. This XXE can lead to reading arbitrary files on the server, SSRF, DoS, and even RCE. Affected: Apache Tika tika-core (1.13 to 3.2.1), tika-pdf-module (2.0.0 to 3.2.1), and tika-parsers (1.13 to 1.28.5)
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Pending

28 Aug 2022
Published
08 Dec 2025
Updated

CVSS
Pending
EPSS
34.73%

Description

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

  • 0
  • 2
  • 0
  • 8h ago

🚨CISA Kev Catalog has added two more vulnerabilities

CVE-2022-37055: D-Link Routers Buffer Overflow Vulnerability

CVSS: 9.8

CVE-2025-66644: Array Networks ArrayOS AG OS Command Injection Vulnerability

CVSS: 7.1

darkwebinformer.com/cisa-kev-c

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

~Cisa~ CISA adds two actively exploited vulnerabilities affecting D-Link routers (CVE-2022-37055) and Array Networks OS (CVE-2025-66644) to its KEV catalog. - IOCs: CVE-2022-37055, CVE-2025-66644 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Infinera
  • MTC-9

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%

KEV

Description

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 14 hours ago

Fediverse


🚨 CRITICAL: CVE-2025-27020 hits Infinera MTC-9 (R22.1.1.0275<R23.0). Missing SSH auth lets attackers run commands & access data. Upgrade to R23.0+ and restrict SSH immediately. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

Infinera yikes.

cve.org/CVERecord?id=CVE-2025-

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

and

cve.org/CVERecord?id=CVE-2025-

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

  • 0
  • 1
  • 0
  • 14h ago

Overview

  • Pending

Pending
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

  • 4 Posts

Last activity: 1 hour ago

Fediverse


React Developers: There is a serious vulnerability in React and Next.JS (CVE-2025-55182 / CVE-2025-66478). It affects those using React for the BACKEND (RSC and React Server Functions). It is similar in damage and exploit to log4j. Please upgrade asap.

twp.ai/4isUGk

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

React2shell Nightmare: How a CVSS 100 Bug Is Compromising Thousands of Sites (And How to Stop It) Introduction: A pair of critical vulnerabilities dubbed "React2shell" (CVE-2025-55182 and CVE-2025-66478) is actively compromising websites globally, with a CVSS 3.x score of 10.0 indicating maximum…
  • 0
  • 0
  • 0
  • 18h ago
The latest update for #Sentrium includes "React and Next.js unauthenticated remote code execution (CVE-2025-55182, CVE-2025-66478)" and "How to measure the ROI of #penetrationtesting and cyber security investments". #Cybersecurity #PenTesting #infosec https://opsmtrs.com/3aPKkxS
  • 0
  • 0
  • 0
  • 1h ago
The latest update for #Wallarm includes "Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)". #cybersecurity #APISecurity #AppSec https://opsmtrs.com/453oM6P
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

08 Jul 2025
Published
21 Oct 2025
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
62.10%

Description

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Fediverse


📰 SharePoint Flaw Chain Exploited to Deploy Warlock Ransomware

Ransomware alert: Storm-2603 exploits SharePoint flaws (CVE-2025-49706) to deploy Warlock ransomware. Attackers abuse the legitimate DFIR tool 'Velociraptor' to evade detection. Patch SharePoint now! ⚠️ #Ransomware #SharePoint #LotL

🔗 cyber.netsecops.io/articles/sh

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

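The China-based hacking groups Linen Typhoon, Violet Typhoon, and Storm-2603 ran the ToolShell campaign exploiting the Microsoft SharePoint vulnerabilities CVE-2025-49704 and CVE-2025-49706. The three groups exploited the same vulnerabilities at around the same time. therecord.media/three-hackin...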
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Microsoft
  • Windows

26 Aug 2025
Published
05 Dec 2025
Updated

CVSS v3.0
HIGH (7.0)
EPSS
0.23%

KEV

Description

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 18 hours ago

Fediverse


Microsoft has quietly fixed a #0day vulnerability in the Windows LNK file format

The vulnerability, CVE-2025-9491, has been exploited by 22 hacker groups since last year

The fixes have been rolled out in small portions since June

Microsoft initially declined to fix the issue after being notified of the attacks
blog.0patch.com/2025/12/micros

  • 2
  • 0
  • 0
  • 18h ago

Overview

  • Pending

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Overview

  • Pending

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Authenticated append-style command injection in Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago
Showing 1 to 10 of 35 CVEs