Just to be sure, I scanned all apps on @fdroidorg and found no apps that used the libs vulnerable to #ReactServer #CVE-2025-55182 aka #React2Shell.

I'm no #Javascript nor #React dev though, maybe it was silly to scan apps for server components? In any case, #FDroid's data collection is easy to scan via scripts, so better safe than sorry.

Maximum-severity #vulnerability threatens 6% of all #websites

#Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in #ReactServer, an open source package that’s widely used by websites and in cloud environments. The vulnerability is easy to #exploit and allows #hackers to execute #malicious code on #servers that run it.
#react

https://arstechnica.com/security/2025/12/admins-and-defenders-gird-themselves-against-maximum-severity-server-vulnerability/

Admins and defenders gird themselves against maximum-severity server vuln

Open source React executes malicious code with malformed HTML, no auth needed.

Ars Technica

Critical vulnerability in React Server: one request to RCE in the cloud

One HTTP request and someone else's code lands on your server. Sounds like an urban legend from a security conference?

Read more:
https://pressmind.org/krytyczna-luka-w-react-server-jedno-zadanie-do-rce-w-chmurze/

#PressMindLabs #chmura #podatnosc #rce #reactserver #ssr