eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances.
Earlier this week, the React team published a new security advisory detailing a pre-authentication bug in multiple versions of multiple packs, affecting React Server Components. The versions that are affected include 19.0, 19.1.0, 19.1.1, and 19.2.0, of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug is now tracked as CVE-2025-55182, and was given a severity score of 10/10 (critical).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Satori IoT botnet malware code given away for Christmas
January 2, 2018
A hacker has released the working code for a Huawei router exploit used by the Satori botnet over the holiday season as a freebie for cyberattackers seeking to target Huawei devices or bolster botnets. According to NewSky Security principal researcher Ankit Anubhav, the exploit’s code was released on Pastebin over the holiday season. Read more… Source: ZDNet
- Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign
January 2, 2018
A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch ...
- MacOS LPE Exploit Gives Attackers Root Access
January 2, 2018
A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems. Siguza released details of the attack on Dec. 31 via Twitter, wishing followers a “Happy New Year” and linked to a ...
- Huawei Router Vulnerability Used to Spread Mirai Variant
December 22, 2017
Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Okiku, also known as Satori. Researchers at Check Point published a report Thursday, and said the flaw is in Huawei’s router model HG532. It said it is tracking hundreds ...
- We need to talk about mathematical backdoors in encryption algorithms
December 15, 2017
Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued. Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered as the best way to ...
- Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords
December 15, 2017
If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users’ ...