React/Next.js 曝满分RCE漏洞,无需认证即可远程代码执行

近期,聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞, 该漏洞已被披露,编号为 CVE-2025-55182,CVSS 评分为 10.0 。
Cybernews

Compromised Next.js devices weaponized by attackers: thousands remain vulnerable

Security researchers warn that hundreds of compromised Next.js devices are attacking others, and tens of thousands of servers ...

React 警告关键高危漏洞:可未经身份验证远程执行代码,快快升级

此漏洞被披露为 CVE-2025-55182,并被评为 CVSS 10.0。React Server Functions 允许客户端调用服务器上的函数,React 将客户端的请求转换为 HTTP 请求,并将这些请求转发到服务器。在服务器上,React 将 HTTP 请求转换为函数调用,并将所需数据返回给客户端。 未经身份验证的攻击者可以构造一个恶意的 HTTP 请求,发送到任何 Server ...

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...

慢雾 CISO:React/Next.js 新漏洞或波及大量 DeFi 平台

吴说获悉,慢雾首席信息安全官 23pds 发推表示,鉴于 React/Next.js 最新远程代码执行漏洞已出现新的攻击链,相关攻击成功率将显著提升。由于目前大量 DeFi 平台使用 React,该漏洞可能影响范围广泛,各 DeFi 平台需防范相关安全风险。
InfoWorld

What is Node.js? The JavaScript runtime explained

Node.js is a lean, fast, cross-platform JavaScript runtime environment that is useful for both servers and desktop applications. Scalability, latency, and throughput are key performance indicators for ...
IT-Online

Full Stack Developer (Node.js, Electron, React Native) (Remote)

THE coding talents of a seasoned Full Stack Developer who thrives on building efficient, lean systems that work in the real world — not just the cloud, is wanted by our client, a dynamic provider of ...