Best of Vulnerability: December 2025

  1. Article
     Collections · 19w

    Critical Vulnerability in React Server Components: Immediate Action Required

    React2Shell (CVE-2025-55182) is a critical remote code execution vulnerability with a CVSS score of 10.0, affecting React 19.0-19.2.0 and Next.js 15.x-16.x. The flaw stems from unsafe deserialization in React's Flight protocol, allowing unauthenticated attackers to execute arbitrary code through crafted HTTP requests. State-sponsored groups and cybercriminals are actively exploiting it to deploy cryptocurrency miners and backdoors. Organizations must upgrade to patched versions (React 19.0.1+, Next.js 15.0.5+) immediately, as the vulnerability impacts 39% of cloud environments and 6% of all websites. WAF rules and endpoint restrictions provide temporary mitigation.

  2. Video
     Fireship · 18w

    React.js shell shocked by 10.0 critical vulnerability…

    A critical 10.0 severity vulnerability (CVE-2025-55182), dubbed "React2Shell", has been discovered in the Flight protocol used by React Server Components. The exploit allows attackers to achieve remote code execution without authentication by sending malicious payloads that are deserialized on the server. The vulnerability affects millions of React applications using Next.js and similar frameworks, with over 2 million vulnerable servers estimated. Security researchers observed active exploitation attempts from Chinese hacking groups within hours of disclosure. Developers should immediately check their React Server Components package versions and update to patched versions.

  3. Article
     The Hacker News · 18w

    React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

    CISA has accelerated the patching deadline for React2Shell (CVE-2025-55182), a critical vulnerability with a CVSS score of 10.0 affecting React Server Components and frameworks like Next.js. The flaw allows unauthenticated remote code execution through unsafe deserialization. Since disclosure on December 3, 2025, threat actors have conducted widespread exploitation with over 35,000 attempts recorded in a single day, targeting government sites, critical infrastructure, and technology companies. Over 137,000 vulnerable IP addresses remain exposed globally, with attackers deploying cryptocurrency miners, botnet malware, and conducting reconnaissance for supply chain attacks.

  4. Article
     Security Boulevard · 19w

    Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk

    A stack buffer overflow vulnerability in Firefox's WebAssembly implementation went undetected for six months, affecting over 180 million users across versions 143-145. The flaw, caused by a pointer arithmetic error in garbage collection logic, passed code review and regression testing before being discovered by Aisle's AI-driven analyzer. Mozilla patched the high-severity issue (CVE-2025-13016, CVSS 7.5) within two weeks of disclosure. The vulnerability could have allowed arbitrary code execution when WebAssembly arrays triggered specific memory pressure conditions during garbage collection.