Remote code execution flaws are among the most prevalent and critical vulnerabilities in software today. Some of the most high-profile cybersecurity events in history — including the 2021 Log4Shell Log4j library vulnerability, the Apache Struts vulnerability that led to the 2017 Equifax breach and the 2014 Shellshock Bash vulnerability — were attributed to RCE flaws.
RCE exploits aren’t new — in fact, they have existed for decades. The result of coding errors, configuration issues or insecure input handling, these popular targets enable attackers to execute malicious code on a target system. As of Dec. 4, more than 20% of the entries in CISA’s Known Exploited Vulnerabilities catalog are related to RCEs.
This week’s featured news looks at a few of the latest RCEs and their impact.
Critical React vulnerability enables RCE in cloud environments
A maximum-severity vulnerability in React, a popular open source JavaScript library that was developed at Facebook (now Meta) and released as open source in 2013, has raised alarms due to its potential to enable RCE in numerous cloud environments.
Two CVEs — CVE-2025-55182 and CVE-2025-66478 — highlight unsafe deserialization in React Server Components and its downstream effect on the Next.js framework.
Both vulnerabilities received a CVSS score of 10, enabling attackers to exploit servers with crafted HTTP requests. Meta and React teams released fixes and urged organizations to update React and Next.js versions immediately. Cloud connectivity vendor Cloudflare implemented proactive web application firewall rules to block exploitation, while cloud security platform vendor Wiz reported that 39% of cloud environments remain vulnerable, emphasizing the urgency of mitigation.
Read the full story by Rob Wright on Dark Reading.
ShadyPanda exploits browser extensions to target millions
A sophisticated malware campaign by the China-based group ShadyPanda has infected 4.3 million Chrome and Edge users through malicious browser extensions. The extensions, disguised as legitimate tools, were weaponized with updates enabling RCE, letting attackers exfiltrate browsing histories, search queries and credentials.
Researchers uncovered multiple extensions, including Clean Master and WeTab, that monitor user activity and transmit data to servers in China.
Despite removal efforts by Google and Microsoft, the attackers’ systematic exploitation of review processes highlights ongoing vulnerabilities in the security of browser extensions.
Read the full story by Jai Vijayan on Dark Reading.
Critical Oracle Identity Manager flaw exploited in the wild
A severe RCE vulnerability, CVE-2025-61757, in Oracle Identity Manager has been actively exploited, posing significant risks to Oracle Fusion Middleware customers.
Discovered by researchers from security vendor Assetnote, the flaw stems from exposed REST APIs and authentication bypass issues, enabling attackers to exploit web routes with simple modifications, such as adding a semicolon to URLs.
The vulnerability, which received a CVSS score of 9.8, was patched in Oracle’s October update but remains under active exploitation.
Read the full story by Rob Wright on Dark Reading.
How to prevent and mitigate RCE flaws
Editor’s note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of Informa TechTarget’s SearchSecurity site.
