Tag Archives: RSC

January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB


January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. 🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

In total, three vulnerabilities:

🔻 EoP – Windows Cloud Files Mini Filter Driver (CVE-2025-62221)
🔻 RCE – React Server Components “React2Shell” (CVE-2025-55182)
🔻 InfDisc – MongoDB “MongoBleed” (CVE-2025-14847)

🟥 Trending Vulnerabilities Portal

In Russian

About Remote Code Execution – React Server Components “React2Shell” (CVE-2025-55182) vulnerability


About Remote Code Execution – React Server Components “React2Shell” (CVE-2025-55182) vulnerability. React is a popular open-source JavaScript library for building user interfaces; React Server Components (RSC) let part of the rendering and application logic run on the server to improve performance. The server-side RSC runtime unsafely deserializes the payload of incoming requests, so an unauthenticated attacker can achieve server-side code execution with a single crafted HTTP request.

⚙️ React fixes were released on December 3. Frameworks that build on RSC are also vulnerable, including Next.js, React Router, Expo, RedwoodSDK, Waku, and others; each of them needs to be taken to its own patched release, not just the React packages underneath it.

🛠 Public exploits have been available since December 3; by December 19, GitHub hosted 250+ exploit and scanner projects. 😮

👾 Attacks are widespread and have been observed since December 5; listed in CISA KEV Dec 9.

🌐 Shadowserver reports 100k+ vulnerable hosts; RuNet estimates range from 10k to 40k+. 🤔
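The practical question for a VM team is whether a given application ships an affected RSC server package. The script below is an added example, not code from the post or from the React project: it walks a package-lock.json and classifies every react-server-dom-* instance against the first fixed release of its 19.x minor line. The affected and fixed versions are taken from the React advisory as recalled here (19.0.0, 19.1.0, 19.1.1, 19.2.0 affected; 19.0.1, 19.1.2, 19.2.1 fixed); verify them against the advisory before acting on the output. The lockfile is constructed for the example.

```javascript
// Added example: audit a package-lock.json for react-server-dom-* versions
// affected by CVE-2025-55182. Not code from the page or from the React project.
// Affected/fixed versions are taken from the React advisory as recalled by the
// example's author; verify against the advisory before relying on the result.

// Bundler-specific builds of the RSC server runtime (assumption: the three
// package names listed in the advisory).
const RSC_PACKAGES = [
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
];

// First fixed release per 19.x minor line. Anything below the fix on the same
// minor line is affected; 19.x lines not listed here are reported as unknown.
const FIXED_BY_MINOR = { "19.0": "19.0.1", "19.1": "19.1.2", "19.2": "19.2.1" };

// "1.2.3-rc.1" -> [1, 2, 3]; null for anything that is not x.y.z-ish.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Returns "vulnerable", "fixed", "unaffected" (not a 19.x release) or "unknown".
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  if (v[0] !== 19) return "unaffected";
  const fixed = FIXED_BY_MINOR[`${v[0]}.${v[1]}`];
  if (!fixed) return "unknown";
  return compareVersions(v, parseVersion(fixed)) < 0 ? "vulnerable" : "fixed";
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and report
// every RSC package instance, including nested copies under .../node_modules/.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!RSC_PACKAGES.includes(name) || !meta.version) continue;
    findings.push({ path, name, version: meta.version, status: classify(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile: an app pinned to a vulnerable webpack build plus a
// nested, already-patched turbopack copy pulled in by a framework dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/react": { version: "19.2.0" },
    "node_modules/react-dom": { version: "19.2.0" },
    "node_modules/react-server-dom-webpack": { version: "19.2.0" },
    "node_modules/next/node_modules/react-server-dom-turbopack": { version: "19.2.1" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.status.padEnd(10)} ${f.name}@${f.version}  (${f.path})`);
}
```

Two caveats when running this against a real tree: some frameworks (Next.js in particular) compile the RSC runtime into their own distribution rather than depending on the package, so the framework's own version must be checked against its advisory as well; and a lockfile shows what was installed, not whether the server actually exposes an RSC endpoint, so treat "vulnerable" as "patch now" rather than as proof of exposure.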

In Russian