Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
06 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
27.19%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 34 Posts
  • 30 Interactions

Last activity: Last hour

Fediverse

New telemetry from AWS shows exploit attempts against React2Shell (CVE-2025-55182, CVSS 10) starting within hours of disclosure, coming from infrastructure associated with two long-tracked China-linked clusters. Activity includes discovery commands, file writes, and probing other N-days.

Cloudflare’s brief outage during mitigations further highlights how fast large platforms now respond to critical RCEs.

Source: bleepingcomputer.com/news/secu

💬 How do we realistically defend against same-day exploitation?
👍 Follow us for more detailed cyber reports.

  • 2
  • 1
  • 0
  • 5h ago
~290 unique IPs now for React2Shell opportunistic activity.

These persistent IPs:

- 45[.]61[.]157[.]12
- 144[.]31[.]5[.]11
- 174[.]138[.]2[.]203
- 95[.]214[.]52[.]170
- 192[.]159[.]99[.]95
- 149[.]50[.]96[.]133

are responsible for ~78% (~218K) of the total React2Shell sessions we've seen since the start.

Moar charts/tables here: rud.is/r2s/r2s.html / viz.greynoise.io/tags/react-se

  • 1
  • 2
  • 0
  • 10h ago
Coreruleset patch to block (some?) CVE-2025-55182 exploit attempts:

github.com/coreruleset/corerul

#CVE_2025_55182 #modsecurity #coreruleset #react2shell

  • 0
  • 0
  • 0
  • 22h ago
At least 2 state actors are exploiting a recently disclosed vulnerability in the React framework's server components.

..began a few hours after the vulnerability, CVE-2025-55182, called React2Shell, from last Wednesday

.. the attackers used anonymizing proxy servers and exploited other vulnerabilities. The attacks used private exploits
github.com/lachlan2k/React2She

React2Shell has an enormous impact. According to the Stack Overflow developer survey 2025, more than ½ of web developers use React
survey.stackoverflow.co/2025/t

  • 0
  • 0
  • 0
  • 8h ago
🚨 In this week’s Threat Alert article, we’re tracking the explosive rise of React2Shell (CVE-2025-55182) attacks. The CrowdSec Network has observed 15,725+ signals in 4 days, a single-day peak of 8,925, and 381 unique IPs already weaponizing the flaw.

Read the full analysis and protect your systems 👉 crowdsec.net/vulntracking-repo

  • 0
  • 0
  • 1
  • Last hour

Bluesky

Like others we are seeing attacks attempting to exploit React CVE-2025-55182 at scale, incl. botnet related activity. How successful have these attacks been? You can get a view here, where we track compromised host with Next.js attacking our sensors: dashboard.shadowserver.org/statistics/h...
  • 5
  • 6
  • 0
  • 4h ago
React2Shell (CVE-2025-55182, CVSS 10) is already seeing broad exploit attempts shortly after disclosure. AWS reports scanning, discovery commands, and efforts tied to long-tracked China-associated clusters... #React2Shell #CyberSecurity #ThreatIntel #InfoSec #AppSec #WebSecurity
  • 1
  • 1
  • 0
  • 5h ago
The critical React2Shell flaw has been added to #CISA's KEV catalog after confirmed active exploitation. This vulnerability (CVE-2025-55182, CVSS score 10.0) allows remote code execution. 🔐⚠️ #CyberSecurity #IAÉthique #IA2025 https://kntn.ly/499299c6
  • 0
  • 3
  • 0
  • 23h ago
Finally I got an RCE in live website on #CVE-2025-55182 #rce #BugBounty #reactjs #nextjs join my telegram t.me/mr0rh
  • 0
  • 3
  • 0
  • Last hour
🚨 React2Shell is here. 🚨 CVE-2025-55182 enables unauthenticated RCE in React & Next.js apps. Exploitation is real. Outages already happened. Read the full breakdown 👇 basefortify.eu/posts/2025/1... and consult our #AI assistant and Q & A #React2Shell #CVE #WebSecurity #CyberSecurity 🔥🔐
  • 0
  • 2
  • 0
  • 4h ago
📌 Critical RCE Vulnerability in React and Next.js: CVE-2025-55182 Poses Major Threat https://www.cyberhub.blog/article/16478-critical-rce-vulnerability-in-react-and-nextjs-cve-2025-55182-poses-major-threat
  • 0
  • 1
  • 0
  • 16h ago
BREAKING: React2Shell Exploit Unleashes Hell on Nextjs Apps – Here’s How to Hack and Harden Your Systems Introduction: CVE-2025-55182, dubbed "React2Shell," is a critical deserialization vulnerability in certain Next.js deployments that allows remote code execution (RCE) via server-side React…
  • 0
  • 1
  • 0
  • 16h ago
React2Shell: How a Single Deserialization Flaw in React 19 Can Hand Over Your Server Shell to Hackers Introduction: The discovery of CVE-2025-55182, dubbed "React2Shell," has sent shockwaves through the web application security community. This critical vulnerability, residing in the React Server…
  • 0
  • 0
  • 0
  • 22h ago
React2Shell Unleashed: How a Single HTTP Request Can Give You Full Remote Code Execution (And How to Stop It) Introduction: In December 2025, the cybersecurity landscape was shaken by the disclosure of CVE-2025-55182, dubbed "React2Shell." With a maximum CVSS score of 10.0, this critical…
  • 0
  • 0
  • 0
  • 21h ago
CISA adds one known exploited vulnerability to the catalog CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Dec 5) CVE-2025-55182 Meta React Server Components remote code execution vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 19h ago
China-linked hacker groups exploited the React Server Components vulnerability React2Shell (CVE-2025-55182) on the same day it was disclosed, AWS warns rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 0
  • 0
  • 0
  • 15h ago
The React RCE Timebomb: How CVE‑2025‑55182 Lets Hackers Hijack Your Server Components Introduction: A critical vulnerability in React's Server Components infrastructure has sent shockwaves through the web development community. Designated CVE-2025-55182, this flaw enables unauthenticated Remote…
  • 0
  • 0
  • 0
  • 11h ago
A roundup by 夜行性インコ. Unusually, it was published in the daytime, which gives you a sense of how bad the vulnerability is... Respond early!!: A summary of the React Server Components vulnerability CVE-2025-55182 (React2Shell). - piyolog https://piyolog.hatenadiary.jp/entry/2025/12/08/113316
  • 0
  • 0
  • 0
  • 11h ago
Ouch...: Cloudflare outage caused by mitigation measures against React2Shell (CVE-2025-55182) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/42920/
  • 0
  • 0
  • 1
  • 10h ago
The latest update for #Indusface includes "React2Shell(CVE-2025-55182): Critical RCE Vulnerability in React Server Components and Next.js". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 10h ago
React2Shell Exposed: How a Single CVE-2025-55182 Flaw Could Be Your Next Log4j-Scale Nightmare Introduction: A critical vulnerability in React Server Components (RSC), dubbed "React2Shell" (CVE-2025-55182), has emerged, posing a severe remote code execution (RCE) threat to modern Next.js and…
  • 0
  • 0
  • 0
  • 10h ago
A summary of the React Server Components vulnerability CVE-2025-55182 (React2Shell). - piyolog https://piyolog.hatenadiary.jp/entry/2025/12/08/113316
  • 0
  • 0
  • 2
  • 8h ago
CVE-2025-55182: Explanation and full RCE PoC for CVE-2025-55182
  • 0
  • 0
  • 0
  • 6h ago
Critical React Zero-Day “React2Shell” Exploited in Wild: Your Complete Survival Guide to CVE-2025-55182 Introduction: A critical, maximum-severity Remote Code Execution (RCE) vulnerability, CVE-2025-55182 (dubbed React2Shell), is now being actively weaponized in attacks against React and Next.js…
  • 0
  • 0
  • 0
  • 5h ago
📌 CISA Adds Critical Meta React Server Components RCE Flaw (CVE-2025-55182) to KEV Catalog https://www.cyberhub.blog/article/16499-cisa-adds-critical-meta-react-server-components-rce-flaw-cve-2025-55182-to-kev-catalog
  • 0
  • 0
  • 0
  • 3h ago
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | aws.amazon.com/blogs/securi... @awscloud.bsky.social
  • 0
  • 0
  • 0
  • 2h ago
React2Shell (CVE-2025-55182): Critical React Vulnerability | Wiz Blog www.wiz.io/blog/critica...
  • 0
  • 0
  • 0
  • Last hour
The latest update for #CyCognito includes "Emerging Threat: CVE-2025-55182 (React2Shell) – React Server Components RCE Vulnerability" and "Emerging Threat: CVE-2025-41115 – Critical SCIM Privilege Escalation in Grafana Enterprise". #cybersecurity #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 10h ago
React2shell Nightmare: How a CVSS 100 Bug Is Compromising Thousands of Sites (And How to Stop It) Introduction: A pair of critical vulnerabilities dubbed "React2shell" (CVE-2025-55182 and CVE-2025-66478) is actively compromising websites globally, with a CVSS 3.x score of 10.0 indicating maximum…
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Sneeit
  • Sneeit Framework

25 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.34%

KEV

Description

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 5 hours ago

Bluesky

A critical RCE flaw in the #Sneeit WordPress plugin (CVE-2025-6389) is being actively exploited, according to #Wordfence. Version 8.4 (August 2025) fixes this bug, which affects more than 1,700 sites. ⚠️🔒 #CyberSecurity #IA2025 #InnovationIA https://kntn.ly/9a1cbfa5
  • 0
  • 1
  • 0
  • 5h ago
A remote code execution vulnerability (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being actively exploited since November 24, 2025. […]
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Apache Software Foundation
  • Apache Tika core
  • org.apache.tika:tika-core

04 Dec 2025
Published
05 Dec 2025
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

Statistics

  • 2 Posts
  • 7 Interactions

Last activity: 8 hours ago

Fediverse

Defer to @todb on this as CVE expert(tm) but shouldn't CVE-2025-66516 have been an update of CVE-2025-54988? It's the same vulnerability.

lists.apache.org/thread/s5x3k9

  • 2
  • 5
  • 0
  • 8h ago

Bluesky

Critical XXE bug CVE-2025-66516 (CVSS 10.0) affects Apache Tika, urgent patch required Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch #HackerNews (Dec 5) thehackernews.com/2025/12/crit...
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Infinera
  • MTC-9

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%

KEV

Description

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on the file system. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-27020 hits Infinera MTC-9 (R22.1.1.0275<R23.0). Missing SSH auth lets attackers run commands & access data. Upgrade to R23.0+ and restrict SSH immediately. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago
Infinera yikes.

cve.org/CVERecord?id=CVE-2025-

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

and

cve.org/CVERecord?id=CVE-2025-

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

  • 0
  • 1
  • 0
  • 2h ago

Overview

  • Pending

Pending
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Fediverse

Turns out I had a Next.js app deployed on a shared hosting setup that got hacked by the recent React Server Components vulnerability (nextjs.org/blog/CVE-2025-66478).

It was a generic attack that was not well suited to my setup, so it looks like nothing bad happened, but I’ve had to do some cleanup.

Not my fave thing to do at 11:30 pm for 4 hours straight.

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

React2shell Nightmare: How a CVSS 100 Bug Is Compromising Thousands of Sites (And How to Stop It) Introduction: A pair of critical vulnerabilities dubbed "React2shell" (CVE-2025-55182 and CVE-2025-66478) is actively compromising websites globally, with a CVSS 3.x score of 10.0 indicating maximum…
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Microsoft
  • Windows

26 Aug 2025
Published
05 Dec 2025
Updated

CVSS v3.0
HIGH (7.0)
EPSS
0.23%

KEV

Description

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 7 hours ago

Fediverse

Microsoft has quietly fixed a #0day vulnerability in the Windows LNK file format

The vulnerability, CVE-2025-9491, has been exploited by 22 hacker groups since last year

The fixes have been rolled out in small portions since June

Microsoft originally declined to fix the problem after being notified of the attacks
blog.0patch.com/2025/12/micros

  • 2
  • 0
  • 0
  • 7h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

PH68243:IBM WebSphere Application Server is affected by cross-site scripting (CVE-2025-12635 CVSS 5.4) https://tinyurl.com/24vwpd2o
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Docker
  • Docker Desktop

20 Aug 2025
Published
25 Sep 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.01%

KEV

Description

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

When SSRF Is Enough for a Full Escape: An In-Depth Analysis of the Windows Docker Desktop Vulnerability CVE-2025-9074 https://qian.cx/posts/1E0B9F4D-5B18-48ED-8805-78EC74BD4F5D
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Pending

25 Sep 2025
Published
29 Sep 2025
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. scq.ms/48Cnl39 #MicrosoftSecurity #cybersecurity
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • roselldk
  • WebP Express

04 Dec 2025
Published
04 Dec 2025
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.04%

KEV

Description

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated attackers to extract configuration data.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

Moved from webp-express to avif-express on my Wordpress site because the former has a security vulnerability (CVE-2025-11379) and looks unmaintained.

#CVE_2025_11379 #webp #avif #wordpress

  • 0
  • 0
  • 0
  • 23h ago