React/Next.js 曝满分RCE漏洞,无需认证即可远程代码执行

近期,聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞, 该漏洞已被披露,编号为 CVE-2025-55182,CVSS 评分为 10.0 。 该漏洞主要波及react-server-dom-webpack的Server Actions功能。由于在处理客户端提交的表单数据时,系统未能实施充分的安全性校验,导致攻击者能够通过精心设计的恶意表单请求 ...
Cybernews

Attackers exploit React2Shell vulnerability to target home CCTV, smart plugs, and TVs

React2Shell, a critical Node.js vulnerability, is driving massive global exploitation as attackers target smart devices and ...
腾讯网

朝鲜关联黑客组织利用React2Shell漏洞部署新型EtherRAT恶意软件

EtherRAT与C2服务器建立联系后,会进入每500毫秒执行一次的轮询循环,将任何超过10个字符的响应解释为要在受感染机器上运行的JavaScript代码。该恶意软件通过五种不同方法实现持久化: ...
Infosecurity Magazine

React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean ...

Maximum severity React2Shell flaw exploited by North Korean hackers in malware attacks

The Chinese are not the only ones exploiting React2Shell, a maximum-severity vulnerability that was recently discovered in ...
SecurityWeek

React2Shell Attacks Linked to North Korean Hackers

Attacks exploiting the recently emerged React vulnerability dubbed React2Shell appear to have been conducted by North Korean ...
InfoWorld

What is Node.js? The JavaScript runtime explained

Node.js is a lean, fast, cross-platform JavaScript runtime environment that is useful for both servers and desktop applications. Scalability, latency, and throughput are key performance indicators for ...