React 最高危漏洞曝光,开发者需紧急升级!

在科技的快速发展中,安全问题始终是开发者们无法忽视的隐患。今天凌晨,React团队发布了一则紧急通知,警告用户一个最高危漏洞(CVE-2025-55182)的出现,CVSS评分高达10.0分,标志着这一漏洞的危险程度相当于黑客能轻易在服务器上执行任意代码,简直是开发者的噩梦!
腾讯网

React2Shell漏洞深度剖析:一个撼动互联网的严重漏洞

来自Wiz、Palo Alto Networks旗下Unit 42、Google ...
腾讯网

Dify v1.11.1修复react重要漏洞,官方建议立即升级

Dify 将前端核心框架 react 和 react-dom 升级到了 19.2.3,并同步更新了 Next.js 的安全补丁。这次修复的是核心依赖库中已知的 CVE ...

gluestack by GeekyAnts Top Contender in Component Library Category— React Native Survey 2025

SAN FRANCISCO, Dec. 24, 2025 (GLOBE NEWSWIRE) -- gluestack by GeekyAnts secures #1 and #2 position in the Component Libraries ...
CoinDesk

New React bug that can drain all your tokens is impacting 'thousands of' websites

Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
InfoQ中国 on MSN

紧急补丁——React服务器函数中的严重漏洞CVE-2025-55182被主动利用

11月29日, Lachlan Davidson 报告了React Server Components(RSC)中一个未经身份验证的远程代码执行(RCE)漏洞。该漏洞于12月3日公开披露,并被追踪为 CVE-2025-55182 ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

Criminal IP Reveals Global React2Shell RCE Exposure Across React Server Components

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ecosystem. With low exploitation complexity and publicly available PoCs, ...
TechCentral.ie

State-linked groups target critical vulnerability in React Server Components

Researchers warn that critical vulnerabilities in Meta’s React Server Components and Next.js are under threat from botnets and state-linked adversaries. China-nexus threat groups, tracked as Earth ...