eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances.
Earlier this week, the React team published a new security advisory detailing a pre-authentication bug in multiple versions of multiple packs, affecting React Server Components. The versions that are affected include 19.0, 19.1.0, 19.1.1, and 19.2.0, of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug is now tracked as CVE-2025-55182, and was given a severity score of 10/10 (critical).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Security updates released for PostgreSQL
February 14, 2025
The PostgreSQL Global Development Group (also known as Postgres) has released an advisory to address a high severity vulnerability in PostgreSQL. PostgreSQL is a relational SQL database management system. CVE-2025-1094 is an ‘improper neutralisation of quoting syntax’ vulnerability with a CVSSv3 score of 8.1. If exploited, a remote unauthenticated attacker could achieve SQL injection via sending ...
- Active Exploitation of Critical Vulnerability Chain in SimpleHelp
February 14, 2025
SimpleHelp has released security updates to address one critical and two high severity vulnerabilities in SimpleHelp. SimpleHelp is a remote monitoring and management (RMM) tool that allows administrators and service desk technicians to provide remote support and monitor devices on the network. The three vulnerabilities can be used in an exploit chain, which could allow a ...
- Ivanti Releases February 2025 Security Updates
February 12, 2025
Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint ...
- SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)
February 12, 2025
A proof-of-concept (PoC) exploit has been published by security researchers for an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall appliances provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. SonicWall formally disclosed and released security updates addressing CVE-2024-53704 on 07 January 2025. Successful exploitation of CVE-2024-53704 could allow a remote, unauthenticated attacker to ...
- Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’
February 10, 2025
On Monday, Apple released updates for its mobile operating systems for iOS and iPadOS, which fixed a flaw that the company said “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” In the release notes for iOS 18.3.1 and iPadOS 18.3.1, the company said the vulnerability allowed the disabling of USB Restricted ...
- U.K. orders Apple to let it spy on users’ encrypted accounts
February 7, 2025
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post. The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not ...