React/Next.js 曝满分RCE漏洞,无需认证即可远程代码执行

近期,聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞, 该漏洞已被披露,编号为 CVE-2025-55182,CVSS 评分为 10.0 。 该漏洞主要波及react-server-dom-webpack的Server Actions功能。由于在处理客户端提交的表单数据时,系统未能实施充分的安全性校验,导致攻击者能够通过精心设计的恶意表单请求 ...
Cybernews

React vulnerability hits crypto websites with drainers

As reported by Cybernews, the React vulnerability, which enables external attackers to run privileged, arbitrary code on ...

Hackers are exploiting a JavaScript library to plant crypto drainers

Hackers are exploiting a vulnerability in React to inject wallet-draining malware into cryptocurrency websites.
TechCrunch

React Demolishes Engineering Silos So Facebook Can Reuse Code For Web, iOS, And Android

It was supposed to take 18 months. But with React Native, Facebook built its iOS Ads Manager app in 5 months, and then ported it to Android in just 3 more months. That’s because React Native let ...
InfoQ中国 on MSN

紧急补丁——React服务器函数中的严重漏洞CVE-2025-55182被主动利用

11月29日, Lachlan Davidson 报告了React Server Components(RSC)中一个未经身份验证的远程代码执行(RCE)漏洞。该漏洞于12月3日公开披露,并被追踪为 CVE-2025-55182 ...
FinanceFeeds

Hackers Exploit JavaScript Library to Deploy Crypto Wallet Drainers

Hackers exploit a critical React JavaScript vulnerability, CVE-2025-55182, to deploy crypto wallet drainers on legitimate websites ...