Kevin BeaumontDec 3

There is an unauthenticated remote code execution vulnerability in React Server Components.

Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.

If your app’s React code does not use a server, your app is not affected by this vulnerability.

CVE-2025-55182

Mastodon server not impacted btw.

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Critical Security Vulnerability in React Server Components – React

The library for web and native user interfaces

Show threadMemoryLeechDec 5

@GossiTheDog

Potential exploitation being seen itw, no surprise the miners may be first past the post.

Show threadMemoryLeech

@GossiTheDog

Regular/rudimentary detection's may pickup post ex in this case. Look for file downloads from hardcoded domains (generally sus outside of some special cases) using your fav wget/curl etc.

Dec 5 at 3:05pmWeb