eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances.
Earlier this week, the React team published a new security advisory detailing a pre-authentication bug in multiple versions of multiple packs, affecting React Server Components. The versions that are affected include 19.0, 19.1.0, 19.1.1, and 19.2.0, of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug is now tracked as CVE-2025-55182, and was given a severity score of 10/10 (critical).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
February 27, 2024
Mandiant and Ivanti’s investigations into widespread Ivanti zero-day exploitation have continued across a variety of industry verticals, including the U.S. defense industrial base sector. Following the initial publication on Jan. 10, 2024, Mandiant observed mass attempts to exploit these vulnerabilities by a small number of China-nexus threat actors, and development of a mitigation bypass exploit targeting ...
- Malicious Apple Shortcuts could bypass security features to steal data
February 23, 2024
Apple Shortcuts could be used to steal sensitive data from Apple devices due to a high-severity vulnerability. Shortcuts is an app created by Apple that allows users to create customized task workflows on Apple devices and automate processes using a combination of built-in functions. Custom shortcuts can be exported and shared with other users, and shortcuts ...
- “To live is to fight, to fight is to live! – IBM ODM Remote Code Execution
February 22, 2024
In previous blogs, watchTowr researchers discussed some of the big players in the enterprise software space, but there is one that they have not mentioned before, that is – quite frankly – the heavy-weight champion of the world in terms of applications for large enterprises. With over a hundred years of experience, a founder and leader ...
- ClamAV’s VirusEvent Command Injection Vulnerability
February 22, 2024
SonicWall Capture Labs Threat Research Team became aware of the ClamAV VirusEvent command injection vulnerability (CVE-2024-20328), assessed its impact, and developed mitigation measures for the vulnerability. ClamAV is a notable, open-source anti-virus engine, widely recognized for its comprehensive suite of security solutions. It offers an array of features, including web and email scanning capabilities, endpoint security, ...
- re: Zyxel VPN Series Pre-auth Remote Command Execution
February 21, 2024
On January 25, 2024, SSD Secure Disclosure posted a disclosure titled Zyxel VPN Series Pre-auth Remote Command Execution. The writeup describes an unauthenticated remote command injection vulnerability affecting Zyxel VPN firewalls. That caught VulnCheck researchers attention. The Zyxel VPN series has appeared on the CISA KEV four times now, and the original disclosure didn’t mention a ...
- Cybersecurity for satellites is a growing challenge, as threats to space-based infrastructure grow
February 20, 2024
In today’s interconnected world, space technology forms the backbone of our global communication, navigation and security systems. Satellites orbiting Earth are pivotal for everything from GPS navigation to international banking transactions, making them indispensable assets in our daily lives and in global infrastructure. However, as our dependency on these celestial guardians escalates, so too does their ...