Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Jan Schaumann @jschauma@mstdn.social

12/5/2025, 3:16:18 PM

Public

Yesterday, after various bogus AI slopped "PoC"s, eventually a functional PoC for the React RCE emerged:
https://github.com/msanft/CVE-2025-55182

We now have a PoC from the reporter of the vulnerability as well:
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

#react2shell

GitHub - msanft/CVE-2025-55182: Explanation and full RCE PoC for CVE-2025-55182

Explanation and full RCE PoC for CVE-2025-55182. Contribute to msanft/CVE-2025-55182 development by creating an account on GitHub.

github.com · GitHub

Jan Schaumann @jschauma@mstdn.social

12/11/2025, 9:29:25 PM

Public

If you just updated React / NextJS for #react2shell , you now get to update again. Two additional vulnerabilities identified in follow-up work were just published: CVE-2025-55183 (DoS), CVE-2025-55184 (Source Code Exposure)

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

https://nextjs.org/blog/security-update-2025-12-11

Denial of Service and Source Code Exposure in React Server Components – React

The library for web and native user interfaces

react.dev

If you have a fediverse account, you can quote this note from your own instance. Search https://mstdn.social/users/jschauma/statuses/115703058651440730 on your instance and quote it. (Note that quoting is not supported in Mastodon.)