#insecure-deserialization

Information security
from The Hacker News
1 week ago

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

A critical deserialization vulnerability in React Server Components (RSC), tracked as CVE-2025-55182 and dubbed React2Shell, allows unauthenticated remote code execution. Patches have been released for the react-server-dom packages and for the affected downstream frameworks.
Information security
from The Register
1 week ago

Cloudflare blames Friday outage on borked React2shell fix

Cloudflare attributed its Friday outage to a faulty fix it deployed for the critical React2Shell vulnerability, and denied that any cyber attack was behind the disruption.
Information security
from The Hacker News
1 month ago

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP released patches for 13 vulnerabilities, including a CVSS 10.0 insecure deserialization flaw in NetWeaver AS Java that allows an unauthenticated attacker to execute arbitrary OS commands.
from The Hacker News
3 months ago

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

The chain consists of three vulnerabilities:

CVE-2025-53693 - HTML cache poisoning through unsafe reflections
CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization
CVE-2025-53694 - Information disclosure in the ItemService API with a restricted anonymous user, leading to exposure of cache keys via a brute-force approach

Sitecore released patches for the first two flaws in June and for the third in July 2025, stating that "successful exploitation of the related vulnerabilities might lead to remote code execution and non-authorized access to information."