React/Next.js 曝满分RCE漏洞,无需认证即可远程代码执行

近期,聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞, 该漏洞已被披露,编号为 CVE-2025-55182,CVSS 评分为 10.0 。
CRN

React Server Vulnerability Is No Cause For Panic: Security Expert

A critical-severity vulnerability impacting the popular React open-source library deserves attention, but is far from the ...
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.
Dark Reading

Critical React Flaw Triggers Calls for Immediate Action

The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service ...
GovInfoSecurity

Chinese Nation-State Groups Tied to 'React2Shell' Targeting

Warnings continue to mount over a critical vulnerability in the widely used web application framework React, with threat ...
adtmag.com

React Native Gets a Button!

Believe it or not, React Native -- the popular JavaScript-based approach championed by Facebook for building iOS and Android apps -- didn't have a simple, core button component until last week's ...