Movim • Maximum-severity vulnerability threatens 6% of all websites

Ar chevron_right

Maximum-severity vulnerability threatens 6% of all websites

news.movim.eu / ArsTechnica • 3 December 2025

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open source package that’s widely used by websites and in cloud environments. The vulnerability is easy to exploit and allows hackers to execute malicious code on servers that run it.

React is embedded in web apps running on servers so that remote devices render JavaScript and content more quickly and with fewer resources. React is used by an estimated 6 percent of all websites and 39 percent of cloud environments. When end users reload a page, React allows servers to re-render only parts that have changed, a feature that drastically speeds up performance and lowers the computing resources required by the server.

A perfect 10

Security firm Wiz said exploitation requires only a single HTTP request and had a “near-100% reliability” in its testing. Multiple software frameworks and libraries embed React implementations by default. As a result, even when apps don’t explicitly make use of React functionality, they can still be vulnerable, since the integration layer invokes the buggy code.

Read full article

Comments

Ar chevron_right

Maximum-severity vulnerability threatens 6% of all websites

news.movim.eu / ArsTechnica • 3 December 2025

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open source package that’s widely used by websites and in cloud environments. The vulnerability is easy to exploit and allows hackers to execute malicious code on servers that run it.

React is embedded in web apps running on servers so that remote devices render JavaScript and content more quickly and with fewer resources. React is used by an estimated 6 percent of all websites and 39 percent of cloud environments. When end users reload a page, React allows servers to re-render only parts that have changed, a feature that drastically speeds up performance and lowers the computing resources required by the server.

A perfect 10

Security firm Wiz said exploitation requires only a single HTTP request and had a “near-100% reliability” in its testing. Multiple software frameworks and libraries embed React implementations by default. As a result, even when apps don’t explicitly make use of React functionality, they can still be vulnerable, since the integration layer invokes the buggy code.

Read full article

Comments

Ar chevron_right

Maximum-severity vulnerability threatens 6% of all websites

news.movim.eu / ArsTechnica • 3 December 2025

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open source package that’s widely used by websites and in cloud environments. The vulnerability is easy to exploit and allows hackers to execute malicious code on servers that run it.

React is embedded in web apps running on servers so that remote devices render JavaScript and content more quickly and with fewer resources. React is used by an estimated 6 percent of all websites and 39 percent of cloud environments. When end users reload a page, React allows servers to re-render only parts that have changed, a feature that drastically speeds up performance and lowers the computing resources required by the server.

A perfect 10

Security firm Wiz said exploitation requires only a single HTTP request and had a “near-100% reliability” in its testing. Multiple software frameworks and libraries embed React implementations by default. As a result, even when apps don’t explicitly make use of React functionality, they can still be vulnerable, since the integration layer invokes the buggy code.

Read full article

Comments