24h | 7d | 30d

CVE-2025-55182

Overview

Meta
react-server-dom-webpack

03 Dec 2025

Published

06 Dec 2025

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

27.19%

MITRE

KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

34 Posts
30 Interactions

Last activity: Last hour

Fediverse

TechNadu @technadu

New telemetry from AWS shows exploit attempts against React2Shell (CVE-2025-55182, CVSS 10) starting within hours of disclosure, coming from infrastructure associated with two long-tracked China-linked clusters. Activity includes discovery commands, file writes, and probing other N-days.

Cloudflare’s brief outage during mitigations further highlights how fast large platforms now respond to critical RCEs.

Source: https://www.bleepingcomputer.com/news/security/react2shell-flaw-exploited-to-breach-30-orgs-77k-ip-addresses-vulnerable/

💬 How do we realistically defend against same-day exploitation?
👍 Follow us for more detailed cyber reports.

#React2Shell #CVE202555182 #CyberSecurity #ThreatIntel #AppSec #WebSecurity #CloudSecurity #InfoSec

2
1
0
5h ago

hrbrmstr 🇺🇦 🇬🇱 🇨🇦 @hrbrmstr

~290 unique IPs now for React2Shell opportunistic activity.

These persistent IPs:

- 45[.]61[.]157[.]12
- 144[.]31[.]5[.]11
- 174[.]138[.]2[.]203
- 95[.]214[.]52[.]170
- 192[.]159[.]99[.]95
- 149[.]50[.]96[.]133

are responsible for ~78% (~218K) total React2Shell sessions we've seen since the start.

Moar charts/tables here: https://rud.is/r2s/r2s.html / https://viz.greynoise.io/tags/react-server-components-unsafe-deserialization-cve-2025-55182-rce-attempt?days=10

1
2
0
10h ago

Tomucha @tomucha

Najdi pět rozdílů:

https://nvd.nist.gov/vuln/detail/CVE-2025-55182

https://en.wikipedia.org/wiki/Great_Famine_(Ireland)#Potato_dependency

1
0
0
8h ago

Frehi @frehi

Coreruleset patch to block (some?) CVE-2025-55182 exploit attempts:

https://github.com/coreruleset/coreruleset/pull/4372

#CVE_2025_55182 #modsecurity #coreruleset #react2shell

0
0
0
22h ago

#cryptohagen @cryptohagen

Mindst 2 stats-aktører udnytter en nyligt afsløret sårbarhed i React-frame-workets server-komponenter.

..begyndte få timer efter, at sårbarheden, CVE-2025-55182 kaldet React2Shell, fra sidste onsdag

.. angriberne brugte anonymiserende proxy-servere og udnyttede andre sårbarheder. Angrebene anvendte private exploits
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

Reach2Shell har en enorm indflydelse. Ifølge Stack Overflow-udvikler-undersøgelsen 2025 bruger mere end ½ af web-udviklere React
https://survey.stackoverflow.co/2025/technology

0
0
0
8h ago

CrowdSec @CrowdSec

🚨 In this week’s Threat Alert article, we’re tracking the explosive rise of React2Shell (CVE-2025-55182) attacks. The CrowdSec Network has observed 15,725+ signals in 4 days, a single-day peak of 8,925, and 381 unique IPs already weaponizing the flaw.

Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2025-55182

#CVE #React2Shell #CVE202555182 #threatalert #cybersecurity

0
0
1
Last hour

Bluesky

The Shadowserver Foundation @shadowserver.bsky.social

Like others we are seeing attacks attempting to exploit React CVE-2025-55182 at scale, incl. botnet related activity. How successful have these attacks been? You can get a view here, where we track compromised host with Next.js attacking our sensors: dashboard.shadowserver.org/statistics/h...

5
6
0
4h ago

TechNadu @technadu.com

React2Shell (CVE-2025-55182, CVSS 10) is already seeing broad exploit attempts shortly after disclosure. AWS reports scanning, discovery commands, and efforts tied to long-tracked China-associated clusters... #React2Shell #CyberSecurity #ThreatIntel #InfoSec #AppSec #WebSecurity

1
1
0
5h ago

Calimeg @calimegai.bsky.social

La faille critique React2Shell a été ajoutée au catalogue KEV de la #CISA après une exploitation active confirmée. Cette vulnérabilité (CVE-2025-55182, score CVSS 10.0) permet une exécution de code à distance. 🔐⚠️ #CyberSecurity #IAÉthique #IA2025 https://kntn.ly/499299c6

0
3
0
23h ago

Haxshadow @haxshadow.bsky.social

Finally I got an RCE in live website on #CVE-2025-55182 #rce #BugBounty #reactjs #nextjs join my telegram t.me/mr0rh

0
3
0
Last hour

BaseFortify.eu @basefortify.bsky.social

🚨 React2Shell is here. 🚨 CVE-2025-55182 enables unauthenticated RCE in React & Next.js apps. Exploitation is real. Outages already happened. Read the full breakdown 👇 basefortify.eu/posts/2025/1... and consult our #AI assistant and Q & A #React2Shell #CVE #WebSecurity #CyberSecurity 🔥🔐

0
2
0
4h ago

CyberHub @cyberhub.blog

📌 Critical RCE Vulnerability in React and Next.js: CVE-2025-55182 Poses Major Threat https://www.cyberhub.blog/article/16478-critical-rce-vulnerability-in-react-and-nextjs-cve-2025-55182-poses-major-threat

0
1
0
16h ago

UndercodeTesting @undercode.bsky.social

BREAKING: React2Shell Exploit Unleashes Hell on Nextjs Apps – Here’s How to Hack and Harden Your Systems Introduction: CVE-2025-55182, dubbed "React2Shell," is a critical deserialization vulnerability in certain Next.js deployments that allows remote code execution (RCE) via server-side React…

0
1
0
16h ago

UndercodeTesting @undercode.bsky.social

React2Shell: How a Single Deserialization Flaw in React 19 Can Hand Over Your Server Shell to Hackers Introduction: The discovery of CVE-2025-55182, dubbed "React2Shell," has sent shockwaves through the web application security community. This critical vulnerability, residing in the React Server…

0
0
0
22h ago

UndercodeTesting @undercode.bsky.social

React2Shell Unleashed: How a Single HTTP Request Can Give You Full Remote Code Execution (And How to Stop It) Introduction: In December 2025, the cybersecurity landscape was shaken by the disclosure of CVE-2025-55182, dubbed "React2Shell." With a maximum CVSS score of 10.0, this critical…

0
0
0
21h ago

キタきつね @kitafox.bsky.social

CISAが既知の脆弱性1件をカタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Dec 5) CVE-2025-55182 Meta React サーバーコンポーネントのリモートコード実行の脆弱性 www.cisa.gov/news-events/...

0
0
0
19h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

中国系ハッカーグループがReact Server Componentsの脆弱性 React2Shell(CVE-2025-55182)を即日悪用-AWSが警告 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃

0
0
0
15h ago

UndercodeTesting @undercode.bsky.social

The React RCE Timebomb: How CVE‑2025‑55182 Lets Hackers Hijack Your Server Components Introduction: A critical vulnerability in React's Server Components infrastructure has sent shockwaves through the web development community. Designated CVE-2025-55182, this flaw enables unauthenticated Remote…

0
0
0
11h ago

tamosan @tamosan.bsky.social

夜行性インコさんのまとめ。珍しく昼間公開ということで、脆弱性のヤバさが解る気がしますね… 対応早めに！！：React Server Componentsの脆弱性 CVE-2025-55182（React2Shell）についてまとめてみた。 - piyolog https://piyolog.hatenadiary.jp/entry/2025/12/08/113316

0
0
0
11h ago

tamosan @tamosan.bsky.social

あいたた…：Cloudflareの障害、原因はReact2Shellに対する緩和措置（CVE-2025-55182） | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/42920/

0
0
1
10h ago

OpsMatters @opsmatters.com

The latest update for #Indusface includes "React2Shell(CVE-2025-55182): Critical RCE Vulnerability in React Server Components and Next.js". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF

0
0
0
10h ago

UndercodeTesting @undercode.bsky.social

React2Shell Exposed: How a Single CVE-2025-55182 Flaw Could Be Your Next Log4j-Scale Nightmare Introduction: A critical vulnerability in React Server Components (RSC), dubbed "React2Shell" (CVE-2025-55182), has emerged, posing a severe remote code execution (RCE) threat to modern Next.js and…

0
0
0
10h ago

ohhara @shiojiri.com

React Server Componentsの脆弱性 CVE-2025-55182（React2Shell）についてまとめてみた。 - piyolog https://piyolog.hatenadiary.jp/entry/2025/12/08/113316

0
0
2
8h ago

r/blueteamsec bot @r-blueteamsec.bsky.social

CVE-2025-55182: Explanation and full RCE PoC for CVE-2025-55182

0
0
0
6h ago

UndercodeTesting @undercode.bsky.social

Critical React Zero-Day “React2Shell” Exploited in Wild: Your Complete Survival Guide to CVE-2025-55182 Introduction: A critical, maximum-severity Remote Code Execution (RCE) vulnerability, CVE-2025-55182 (dubbed React2Shell), is now being actively weaponized in attacks against React and Next.js…

0
0
0
5h ago

CyberHub @cyberhub.blog

📌 CISA Adds Critical Meta React Server Components RCE Flaw (CVE-2025-55182) to KEV Catalog https://www.cyberhub.blog/article/16499-cisa-adds-critical-meta-react-server-components-rce-flaw-cve-2025-55182-to-kev-catalog

0
0
0
3h ago

780th Military Intelligence Brigade (Cyber) @780thmibdecyber.bsky.social

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | aws.amazon.com/blogs/securi... @awscloud.bsky.social

0
0
0
2h ago

Lorenzo Ordóñez @lordman1982.bsky.social

React2Shell (CVE-2025-55182): Critical React Vulnerability | Wiz Blog www.wiz.io/blog/critica...

0
0
0
Last hour

OpsMatters @opsmatters.com

The latest update for #CyCognito includes "Emerging Threat: CVE-2025-55182 (React2Shell) – React Server Components RCE Vulnerability" and "Emerging Threat: CVE-2025-41115 – Critical SCIM Privilege Escalation in Grafana Enterprise". #cybersecurity #EASM https://opsmtrs.com/44Srq0X

0
0
0
10h ago

UndercodeTesting @undercode.bsky.social

React2shell Nightmare: How a CVSS 100 Bug Is Compromising Thousands of Sites (And How to Stop It) Introduction: A pair of critical vulnerabilities dubbed "React2shell" (CVE-2025-55182 and CVE-2025-66478) is actively compromising websites globally, with a CVSS 3.x score of 10.0 indicating maximum…

0
0
0
6h ago

CVE-2025-6389

Overview

Sneeit
Sneeit Framework

25 Nov 2025

Published

25 Nov 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.34%

MITRE

KEV

Description

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.

Statistics

2 Posts
1 Interaction

Last activity: 5 hours ago

Bluesky

Calimeg @calimegai.bsky.social

Une faille critique RCE dans le plugin #Sneeit WordPress (CVE-2025-6389) est exploitée activement, selon #Wordfence. La version 8.4 (août 2025) corrige ce bug affectant plus de 1 700 sites. ⚠️🔒 #CyberSecurity #IA2025 #InnovationIA https://kntn.ly/9a1cbfa5

0
1
0
5h ago

Bitnewsbot @bitnewsbot.bsky.social

A remote code execution vulnerability (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being actively exploited since November 24, 2025. […]

0
0
0
5h ago

CVE-2025-66516

Overview

Apache Software Foundation
Apache Tika core
org.apache.tika:tika-core

04 Dec 2025

Published

05 Dec 2025

Updated

CVSS

Pending

EPSS

0.05%

MITRE

KEV

Description

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

Statistics

2 Posts
7 Interactions

Last activity: 8 hours ago

Fediverse

Kevin Beaumont @GossiTheDog

Defer to @todb on this as CVE expert(tm) but shouldn't CVE-2025-66516 have been an update of CVE-2025-54988? It's the same vulnerability.

https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k

2
5
0
8h ago

Bluesky

キタきつね @kitafox.bsky.social

重大なXXEバグCVE-2025-66516（CVSS 10.0）がApache Tikaに影響、緊急パッチが必要 Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch #HackerNews (Dec 5) thehackernews.com/2025/12/crit...

0
0
0
18h ago

CVE-2025-27020

Overview

Infinera
MTC-9

08 Dec 2025

Published

08 Dec 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.09%

MITRE

KEV

Description

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Statistics

2 Posts
1 Interaction

Last activity: 2 hours ago

Fediverse

Offensive Sequence @offseq

🚨 CRITICAL: CVE-2025-27020 hits Infinera MTC-9 (R22.1.1.0275<R23.0). Missing SSH auth lets attackers run commands & access data. Upgrade to R23.0+ and restrict SSH immediately. https://radar.offseq.com/threat/cve-2025-27020-cwe-306-missing-authentication-for--156b66fd #OffSeq #Vulnerability #Infosec #NetworkSecurity

0
0
0
6h ago

cR0w h0 h0 @cR0w

Infinera yikes.

https://www.cve.org/CVERecord?id=CVE-2025-27020

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system\n\n.\n\n\nThis issue affects MTC-9: from R22.1.1.0275 before R23.0.

and

https://www.cve.org/CVERecord?id=CVE-2025-27019

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows\n an attacker to utilize password-less user accounts and obtain \nsystem access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.

0
1
0
2h ago

CVE-2025-66478

Overview

Pending

Pending

Published

03 Dec 2025

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

2 Posts

Last activity: 6 hours ago

Fediverse

Florens Verschelde @fvsch

Turns out I had a Next.js app deployed on a shared hosting setup that got hacked by the recent React Server Components vulnerability (https://nextjs.org/blog/CVE-2025-66478).

It was a generic attack that was not well suited to my setup, so it looks like nothing bad happened, but I’ve had to do some cleanup.

Not my fave thing to do at 11:30 pm for 4 hours straight.

0
0
0
13h ago

Bluesky

UndercodeTesting @undercode.bsky.social

0
0
0
6h ago

CVE-2025-9491

Overview

Microsoft
Windows

26 Aug 2025

Published

05 Dec 2025

Updated

CVSS v3.0

HIGH (7.0)

EPSS

0.23%

MITRE

KEV

Description

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.

Statistics

1 Post
2 Interactions

Last activity: 7 hours ago

Fediverse

#cryptohagen @cryptohagen

Microsoft har i al stilhed rettet en #0day sårbarhed i Windows LNK-fil-formatet

Sårbarheden, CVE-2025-9491, er blevet udnyttet af 22 hackergrupper siden sidste år

Rettelserne er blevet udrullet i små portioner siden juni

Microsoft afviste oprindeligt at rette problemet, efter at de blev underrettet om angrebene
https://blog.0patch.com/2025/12/microsoft-silently-patched-cve-2025.html

2
0
0
7h ago

CVE-2025-12635

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

1 Post

Last activity: Last hour

Bluesky

knaepp.bsky.social @knaepp.bsky.social

PH68243:IBM WebSphere Application Server is affected by cross-site scripting (CVE-2025-12635 CVSS 5.4) https://tinyurl.com/24vwpd2o

0
0
0
Last hour

CVE-2025-9074

Overview

Docker
Docker Desktop

20 Aug 2025

Published

25 Sep 2025

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.01%

MITRE

KEV

Description

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

Statistics

1 Post

Last activity: 9 hours ago

Bluesky

qian.cx @qiancx.bsky.social

当SSRF足以实现完全逃逸:深入解析Windows Docker Desktop漏洞CVE-2025-9074 https://qian.cx/posts/1E0B9F4D-5B18-48ED-8805-78EC74BD4F5D

0
0
0
9h ago

CVE-2025-55552

Overview

Pending

25 Sep 2025

Published

29 Sep 2025

Updated

CVSS

Pending

EPSS

0.06%

MITRE

KEV

Description

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Statistics

1 Post

Last activity: 5 hours ago

Bluesky

SecQube | Harvey | AI Platform for MS Graph @secqube.com

CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. scq.ms/48Cnl39 #MicrosoftSecurity #cybersecurity

0
0
0
5h ago

CVE-2025-11379

Overview

roselldk
WebP Express

04 Dec 2025

Published

04 Dec 2025

Updated

CVSS v3.1

MEDIUM (5.3)

EPSS

0.04%

MITRE

KEV

Description

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated attackers to extract configuration data.

Statistics

1 Post

Last activity: 23 hours ago

Fediverse

Frehi @frehi

Moved from webp-express to avif-express on my Wordpress site because the former has a security vulnerability (CVE-2025-11379) and looks unmaintained.

#CVE_2025_11379 #webp #avif #wordpress

0
0
0
23h ago

Showing 1 to 10 of 28 CVEs