certfr_alerte - certfr-2025-ale-014

CERTFR-2025-ALE-014

Vulnerability from certfr_alerte - Published: 2025-12-05 - Updated: 2025-12-11

[Mise à jour du 11 décembre 2025]

Le CERT-FR a connaissance de multiples exploitations de la vulnérabilité CVE-2025-55182. Les serveurs avec une version vulnérable exposés après la publication des preuves de concept publiques du 5 décembre 2025 doivent être considérés comme compromis.

Certains billets de blogues [1] [2] incluent des indicateurs de compromission. Ces indicateurs n'ont pas été qualifiés par le CERT-FR.

[Mise à jour du 08 décembre 2025]

Le CERT-FR a connaissance d'exploitations pour la vulnérabilité CVE-2025-55182.

[Publication initiale]

Le 3 décembre 2025, React a publié un avis de sécurité relatif à la vulnérabilité CVE-2025-55182 affectant React Server Components et qui permet à un attaquant non authentifié de provoquer une exécution de code arbitraire à distance. L'éditeur de Next.js a également publié un avis de sécurité faisant référence à l'identifiant CVE-2025-66478. Cet identifiant a été rejeté en raison du doublon avec l'identifiant utilisé par React. Cette faille de sécurité est également connue sous le nom de React2Shell.

Cette vulnérabilité concerne plus précisément les React Server Functions. Même si une application n'utilise pas explicitement de telles fonctions, elle peut être vulnérable si elle supporte les React Server Components. En particulier, plusieurs cadriciels tels que Next.js implémentent de telles fonctions par défaut.

Les technologies React Server Components et React Server Functions sont relativement récentes (la version 19 de React a été publiée fin 2024) et toutes les applications utilisant la technologie React ne sont ainsi pas nécessairement affectées. Veuillez vous référer à la section systèmes affectés pour plus d'informations.

Le CERT-FR a connaissance de preuves de concept publiques pour cette vulnérabilité et anticipe des exploitations en masse.

Note : Le CERT-FR a connaissance de la mise en place de règles de blocages de la vulnérabilité au niveau de plusieurs pare-feu applicatifs web populaires. Bien que ces mécanismes puissent rendre l'exploitation de la vulnérabilité plus difficile, ils ne peuvent pas remplacer une mise à jour vers une version corrective.

Solutions

Le CERT-FR recommande de mettre à jour au plus vite les composants vers les versions correctives listées dans les avis éditeurs (cf. section Documentation).

Impacted products

Vendor	Product	Description
N/A	N/A	Expo sans les versions correctives de react-server-dom-webpack
N/A	N/A	Redwood SDK versions antérieures à 1.0.0-alpha.0
Vercel	Next.js	Next.js versions 15.0.x antérieures à 15.0.5
N/A	N/A	Waku sans les versions correctives de react-server-dom-webpack
Vercel	Next.js	Next.js versions 15.1.x antérieures à 15.1.9
Vercel	Next.js	Next.js versions 15.5.x antérieures à 15.5.7
Meta	React	react-server-dom-webpack, react-server-dom-parcel et react-server-dom-turbopack versions 19.2.x antérieures à 19.2.1
Vercel	Next.js	Next.js versions 14.x canary
Vercel	Next.js	Next.js versions 15.3.x antérieures à 15.3.6
N/A	N/A	React router avec le support de l'API RSC sans les derniers correctifs de sécurité
Meta	React	react-server-dom-webpack, react-server-dom-parcel et react-server-dom-turbopack versions 19.0.x antérieures à 19.0.1
Vercel	Next.js	Next.js versions 15.4.x antérieures à 15.4.8
Meta	React	react-server-dom-webpack, react-server-dom-parcel et react-server-dom-turbopack versions 19.1.x antérieures à 19.1.2
Vercel	Next.js	Next.js versions 16.0.x antérieures à 16.0.7
N/A	N/A	Vitejs avec le greffon plugin-rsc sans les derniers correctifs de sécurité
Vercel	Next.js	Next.js versions 15.2.x antérieures à 15.2.6

References

Title

Publication Time

Tags

Billet de blogue React relatif à la vulnérabilité CVE-2025-55182	2025-12-03	vendor-advisory
Billet de blogue Vercel relatif à la vulnérabilité CVE-2025-55182	2025-12-03	vendor-advisory
Bulletin de sécurité Facebook CVE-2025-55182	2025-12-03	vendor-advisory
Compromission système - Qualification	-	other
Compromission système - Endiguement	-	other
Bulletin d'actualité CERTFR-2025-ACT-053 du 04 décembre 2025	-	other
[1] Billet de Blogue de Wiz.io, analyse et indicateurs de compromission	-	other
[2] Billet de Blogue de Huntress, analyse et indicateurs de compromission	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Expo sans les versions correctives de react-server-dom-webpack",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Redwood SDK versions ant\u00e9rieures \u00e0 1.0.0-alpha.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Next.js versions 15.0.x ant\u00e9rieures \u00e0 15.0.5",
      "product": {
        "name": "Next.js",
        "vendor": {
          "name": "Vercel",
          "scada": true
        }
      }
    },
    {
      "description": "Waku sans les versions correctives de react-server-dom-webpack",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Next.js versions 15.1.x ant\u00e9rieures \u00e0 15.1.9",
      "product": {
        "name": "Next.js",
        "vendor": {
          "name": "Vercel",
          "scada": true
        }
      }
    },
    {
      "description": "Next.js versions 15.5.x ant\u00e9rieures \u00e0 15.5.7",
      "product": {
        "name": "Next.js",
        "vendor": {
          "name": "Vercel",
          "scada": true
        }
      }
    },
    {
      "description": "react-server-dom-webpack, react-server-dom-parcel et react-server-dom-turbopack versions 19.2.x ant\u00e9rieures \u00e0 19.2.1",
      "product": {
        "name": "React",
        "vendor": {
          "name": "Meta",
          "scada": false
        }
      }
    },
    {
      "description": "Next.js versions 14.x canary",
      "product": {
        "name": "Next.js",
        "vendor": {
          "name": "Vercel",
          "scada": true
        }
      }
    },
    {
      "description": "Next.js versions 15.3.x ant\u00e9rieures \u00e0 15.3.6",
      "product": {
        "name": "Next.js",
        "vendor": {
          "name": "Vercel",
          "scada": true
        }
      }
    },
    {
      "description": "React router avec le support de l\u0027API RSC sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "react-server-dom-webpack, react-server-dom-parcel et react-server-dom-turbopack versions 19.0.x ant\u00e9rieures \u00e0 19.0.1",
      "product": {
        "name": "React",
        "vendor": {
          "name": "Meta",
          "scada": false
        }
      }
    },
    {
      "description": "Next.js versions 15.4.x ant\u00e9rieures \u00e0 15.4.8",
      "product": {
        "name": "Next.js",
        "vendor": {
          "name": "Vercel",
          "scada": true
        }
      }
    },
    {
      "description": "react-server-dom-webpack, react-server-dom-parcel et react-server-dom-turbopack versions 19.1.x ant\u00e9rieures \u00e0 19.1.2",
      "product": {
        "name": "React",
        "vendor": {
          "name": "Meta",
          "scada": false
        }
      }
    },
    {
      "description": "Next.js versions 16.0.x ant\u00e9rieures \u00e0 16.0.7",
      "product": {
        "name": "Next.js",
        "vendor": {
          "name": "Vercel",
          "scada": true
        }
      }
    },
    {
      "description": "Vitejs avec le greffon plugin-rsc sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Next.js versions 15.2.x ant\u00e9rieures \u00e0 15.2.6",
      "product": {
        "name": "Next.js",
        "vendor": {
          "name": "Vercel",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": null,
  "content": "## Solutions\n\nLe CERT-FR recommande de mettre \u00e0 jour au plus vite les composants vers les versions correctives list\u00e9es dans les avis \u00e9diteurs (cf. section Documentation). ",
  "cves": [
    {
      "name": "CVE-2025-55182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"
    },
    {
      "name": "CVE-2025-66478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66478"
    }
  ],
  "initial_release_date": "2025-12-05T00:00:00",
  "last_revision_date": "2025-12-11T00:00:00",
  "links": [
    {
      "title": "Compromission syst\u00e8me - Qualification",
      "url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2024-RFX-005/"
    },
    {
      "title": "Compromission syst\u00e8me - Endiguement",
      "url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2024-RFX-006/"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTFR-2025-ACT-053 du 04 d\u00e9cembre 2025",
      "url": "https://cert.ssi.gouv.fr/actualite/CERTFR-2025-ACT-053/"
    },
    {
      "title": "[1] Billet de Blogue de Wiz.io, analyse et indicateurs de compromission ",
      "url": "https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive"
    },
    {
      "title": "[2] Billet de Blogue de Huntress, analyse et indicateurs de compromission",
      "url": "https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell"
    }
  ],
  "reference": "CERTFR-2025-ALE-014",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-05T00:00:00.000000"
    },
    {
      "description": "Recherche de compromission, r\u00e9f\u00e9rences des fiches syst\u00e8me de qualification et endiguement",
      "revision_date": "2025-12-11T00:00:00.000000"
    },
    {
      "description": "connaissance d\u0027exploitations pour la vuln\u00e9rabilit\u00e9 CVE-2025-55182",
      "revision_date": "2025-12-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 11 d\u00e9cembre 2025]\u003c/span\u003e**\n\nLe CERT-FR a connaissance de multiples exploitations de la vuln\u00e9rabilit\u00e9 CVE-2025-55182. Les serveurs avec une version vuln\u00e9rable expos\u00e9s apr\u00e8s la publication des preuves de concept publiques du 5 d\u00e9cembre 2025 doivent \u00eatre consid\u00e9r\u00e9s comme compromis.\n\nCertains billets de blogues [1] [2] incluent des indicateurs de compromission. Ces indicateurs n\u0027ont pas \u00e9t\u00e9 qualifi\u00e9s par le CERT-FR.\n\n\n**[Mise \u00e0 jour du 08 d\u00e9cembre 2025]**\n\nLe CERT-FR a connaissance d\u0027exploitations pour la vuln\u00e9rabilit\u00e9 CVE-2025-55182.\n\n**[Publication initiale]**\n\nLe 3 d\u00e9cembre 2025, React a publi\u00e9 un avis de s\u00e9curit\u00e9 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-55182 affectant React Server Components et qui permet \u00e0 un attaquant non authentifi\u00e9 de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance. L\u0027\u00e9diteur de Next.js a \u00e9galement publi\u00e9 un avis de s\u00e9curit\u00e9 faisant r\u00e9f\u00e9rence \u00e0 l\u0027identifiant CVE-2025-66478. Cet identifiant a \u00e9t\u00e9 rejet\u00e9 en raison du doublon avec l\u0027identifiant utilis\u00e9 par React. Cette faille de s\u00e9curit\u00e9 est \u00e9galement connue sous le nom de *React2Shell*. \n\nCette vuln\u00e9rabilit\u00e9 concerne plus pr\u00e9cis\u00e9ment les React Server Functions. M\u00eame si une application n\u0027utilise pas explicitement de telles fonctions, elle peut \u00eatre vuln\u00e9rable si elle supporte les React Server Components. En particulier, plusieurs cadriciels tels que Next.js impl\u00e9mentent de telles fonctions par d\u00e9faut. \n\nLes technologies React Server Components et React Server Functions sont relativement r\u00e9centes (la version 19 de React a \u00e9t\u00e9 publi\u00e9e fin 2024) et toutes les applications utilisant la technologie React ne sont ainsi pas n\u00e9cessairement affect\u00e9es. Veuillez vous r\u00e9f\u00e9rer \u00e0 la section syst\u00e8mes affect\u00e9s pour plus d\u0027informations.\n\nLe CERT-FR a connaissance de preuves de concept publiques pour cette vuln\u00e9rabilit\u00e9 et anticipe des exploitations en masse.\n\n*Note : Le CERT-FR a connaissance de la mise en place de r\u00e8gles de blocages de la vuln\u00e9rabilit\u00e9 au niveau de plusieurs pare-feu applicatifs web populaires. Bien que ces m\u00e9canismes puissent rendre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 plus difficile, ils ne peuvent pas remplacer une mise \u00e0 jour vers une version corrective.* ",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans React Server Components",
  "vendor_advisories": [
    {
      "published_at": "2025-12-03",
      "title": "Billet de blogue React relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-55182",
      "url": "https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components"
    },
    {
      "published_at": "2025-12-03",
      "title": "Billet de blogue Vercel relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-55182",
      "url": "https://vercel.com/changelog/cve-2025-55182"
    },
    {
      "published_at": "2025-12-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Facebook CVE-2025-55182",
      "url": "https://www.facebook.com/security/advisories/cve-2025-55182"
    }
  ]
}

CVE-2025-55182 (GCVE-0-2025-55182)

Vulnerability from cvelistv5 – Published: 2025-12-03 15:40 – Updated: 2025-12-11 20:15

Summary

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Deserialization of Untrusted Data (CWE-502)

Assigner

Meta

react-server-dom-webpack

Affected: 19.0.0 , ≤ 19.0.0 (semver)
Affected: 19.1.0 , ≤ 19.1.1 (semver)
Affected: 19.2.0 , ≤ 19.2.0 (semver)

	Meta	react-server-dom-turbopack	Affected: 19.0.0 , ≤ 19.0.0 (semver) Affected: 19.1.0 , ≤ 19.1.1 (semver) Affected: 19.2.0 , ≤ 19.2.0 (semver)
	Meta	react-server-dom-parcel	Affected: 19.0.0 , ≤ 19.0.0 (semver) Affected: 19.1.0 , ≤ 19.1.1 (semver) Affected: 19.2.0 , ≤ 19.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55182",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-12-05",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55182"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-06T04:55:42.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "media-coverage"
            ],
            "url": "https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55182"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-12-05T00:00:00+00:00",
            "value": "CVE-2025-55182 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-04T17:32:12.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/03/4"
          },
          {
            "url": "https://news.ycombinator.com/item?id=46136026"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "react-server-dom-webpack",
          "vendor": "Meta",
          "versions": [
            {
              "lessThanOrEqual": "19.0.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "19.1.1",
              "status": "affected",
              "version": "19.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "19.2.0",
              "status": "affected",
              "version": "19.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "react-server-dom-turbopack",
          "vendor": "Meta",
          "versions": [
            {
              "lessThanOrEqual": "19.0.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "19.1.1",
              "status": "affected",
              "version": "19.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "19.2.0",
              "status": "affected",
              "version": "19.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "react-server-dom-parcel",
          "vendor": "Meta",
          "versions": [
            {
              "lessThanOrEqual": "19.0.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "19.1.1",
              "status": "affected",
              "version": "19.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "19.2.0",
              "status": "affected",
              "version": "19.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "dateAssigned": "2025-12-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Deserialization of Untrusted Data (CWE-502)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-11T20:15:37.699Z",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "Meta"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.facebook.com/security/advisories/cve-2025-55182"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "Meta",
    "cveId": "CVE-2025-55182",
    "datePublished": "2025-12-03T15:40:56.894Z",
    "dateReserved": "2025-08-08T18:21:47.119Z",
    "dateUpdated": "2025-12-11T20:15:37.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66478 (GCVE-0-2025-66478)

Vulnerability from cvelistv5 – Published: – Updated: 2025-12-03 18:04

This CVE is a duplicate of CVE-2025-55182.

Replaced by CVE-2025-55182

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-12-03T18:04:08.459Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE is a duplicate of CVE-2025-55182."
        }
      ],
      "replacedBy": [
        "CVE-2025-55182"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66478",
    "dateRejected": "2025-12-03T18:04:08.459Z",
    "dateReserved": "2025-12-02T17:09:52.015Z",
    "dateUpdated": "2025-12-03T18:04:08.459Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-ALE-014

Solutions

CVE-2025-55182 (GCVE-0-2025-55182)

CVE-2025-66478 (GCVE-0-2025-66478)

Tags

Sightings

Nomenclature