A public service announcement regarding CVEs: one identified vulnerability gets one #CVE.
Each vendor doesn't get their own CVE that corresponds to their security bulletin.
CVE-2025-66478 is REJECTED as duplicate of CVE-2025-55182
#CVE_2025_66478 #CVE_2025_55182 #React #RCE #InfoSec
https://www.cve.org/CVERecord?id=CVE-2025-66478
Unauthenticated Remote Code Execution vulnerability in React Server Components #vuln #react [ https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ] #informatique
Critical Security Vulnerability in React Server Components
https://mander.xyz/post/42962066
😱 Oh no, another RCE vulnerability! Quick, run around in circles and panic about #React and Next.js being the end of the world. 😜 Don't worry, GitHub's magical AI Copilot will save the day by writing "better" code while you wish for a time machine to undo your poor framework choices. 🔧🛠️
https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp #RCEvulnerability #NextJS #GitHubCopilot #codinghumor #developerlife #HackerNews #ngated
Critical Security Vulnerability in #React Server Components 🍿
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
RCE Vulnerability in React and Next.js
https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
#HackerNews #RCE #Vulnerability #in #React #and #Next.js #ReactJS #NextJS #Vulnerability #Cybersecurity #SoftwareSecurity
New 10.0 CVSS vuln in react, specifically RCE in react server endpoints.
Seems to be affecting #react versions 19-19.2, discovered by https://lachlan.nz/blog, which is also where I assume we'll see their writeup!
Might post one later, we'll see.
Breaking news: 🚨 #React and Next.js are now less secure than a chocolate teapot! 🍫☕️ Apparently, if you remember how to run `createnextapp`, you might be seconds away from becoming a hacker's best friend. The solution? #Patch like your life depends on it! 🛠️💻
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182 #Nextjs #Security #Vulnerability #HackerNews #HackerNews #ngated
RCE Vulnerability in React and Next.js
Link: https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
Discussion: https://news.ycombinator.com/item?id=46136026
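🌗 Critical security vulnerability found in React Server Components, may lead to remote code execution
➤ Update immediately: React Server Components vulnerability endangers server security
✤ https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
The React team has issued a major security warning stating that a severe remote code execution (RCE) vulnerability exists in React Server Components (RSC), identified as CVE-2025-55182, with the maximum CVSS score of 10.0. The vulnerability was reported by Lachlan Davidson on November 29; by manipulating data sent to RSC endpoints, an attacker can execute code remotely without authorization. Even if an application does not directly implement RSC endpoints, it may still be affected if it supports RSC. The React team has released patched versions and recommends that users upgrade immediately. The article also lists the affected frameworks (such as Next.js, React Router, etc.) and upgrade instructions, and
#React #SecurityVulnerability #ServerComponents #RemoteCodeExecution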
Critical RCE Vulnerabilities in React and Next.js
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
#HackerNews #CriticalRCE #Vulnerabilities #React #Nextjs #Cybersecurity #Vulnerabilities #CVE-2025-55182