React2Shell (CVE-2025-55182/CVE-2025-66478)(react2shell.com)
react2shell.com
React2Shell (CVE-2025-55182/CVE-2025-66478)
https://react2shell.com/
3 コメント
It is very strange that this didn't make it to the front page of HN.
I've just received an email from DigitalOcean that my VPS/droplet had been used in a DDoS attack, and a few hours latter another email, again from DigitalOcean, saying that I'm running software that has a vulnerability with CVE score of 10. I guess not a lot of CVEs get a score of 10, and not for a framework as widespread as React and Next.
It has a note on invalid PoCs:
> We have seen a rapid trend of "Proof of Concepts" spreading which are not genuine PoCs.
> We have seen a rapid trend of "Proof of Concepts" spreading which are not genuine PoCs.
From the reporter of the React vulnerablility, Lachlan Davidson