CVE-2025-66478

Dec. 3, 2025, 6:15 p.m.

None

No Score

Description

Rejected reason: This CVE is a duplicate of CVE-2025-55182.

Product(s) Impacted

Product	Versions
*	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

Tags

[email protected]

2025-12-03

CVE-2025-66478

Timeline

Published: Dec. 3, 2025, 6:15 p.m.
Last Modified: Dec. 3, 2025, 6:15 p.m.

Status : Rejected

CVE has been marked as "**REJECT**" in the CVE List. These CVEs are stored in the NVD, but do not show up in search results.

More info

Source

[email protected]

Relations

Here is the list of observables linked to the vulnerability CVE-2025-66478 using threat intelligence.

Kaiji
ANGRYREBEL.LINUX
HISONIC
EtherRAT
PeerBlight
ZinFoq
ShadowPad - S0596
CowTunnel
SNOWLIGHT
VShell
XMRig
MINOCAT
ShadowPad
COMPOOD

Linked Attack Reports

Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3)

A critical vulnerability in Microsoft's Windows Server Update Services (WSUS) allows unauthenticated remote code execution with system privileges. Initially patched on October 14, 2025, the flaw required an emergency update on October 23 due to incomplete mitigation. Active exploitation was observe…

patch management

active exploitation

Published: December 7, 2025

Linked vulnerabilities : CVE-2024-36401, CVE-2025-32433 (CVSS 10.0), CVE-2025-52905 (CVSS 7.0), CVE-2025-52906 (CVSS 9.3), CVE-2025-52907 (CVSS 7.3), CVE-2025-59287 (CVSS 9.8), CVE-2025-53868 (CVSS 8.5), CVE-2025-61955 (CVSS 8.5), CVE-2025-57780 (CVSS 8.5), CVE-2025-55182 (CVSS 10.0), CVE-2025-66478, CVE-2025-21042

Downloadable IOCs: 1

PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182

A critical vulnerability in React Server Components (CVE-2025-55182) is being exploited across various organizations. Attackers are deploying cryptominer malware, a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based post-exploitation implant dubbed ZinFoq. Peer…

post-exploitation

Published: December 10, 2025

Linked vulnerabilities : CVE-2025-30406, CVE-2025-55182 (CVSS 10.0), CVE-2025-66478

Downloadable IOCs: 36

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

A critical remote code execution vulnerability in React Server Components, CVE-2025-55182, has been widely exploited by various threat actors. China-nexus espionage groups and financially motivated actors have been observed leveraging this vulnerability to deploy malware such as MINOCAT tunneler, S…

remote code execution

Published: December 13, 2025

Linked vulnerabilities : CVE-2025-55182 (CVSS 10.0), CVE-2025-66478, CVE-2025-55184 (CVSS 7.5), CVE-2025-55183 (CVSS 5.3), CVE-2025-67779 (CVSS 7.5)

Downloadable IOCs: 7

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182, also known as React2Shell, is a critical pre-authentication remote code execution vulnerability affecting React Server Components and related frameworks. With a CVSS score of 10.0, it allows attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP re…

remote code execution

Published: December 15, 2025

Linked vulnerabilities : CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065, CVE-2025-55182 (CVSS 10.0), CVE-2025-66478

Downloadable IOCs: 50

Weekly Threat Bulletin – January 28th, 2026

This weekly threat bulletin highlights several critical vulnerabilities and emerging threats. A severe RCE vulnerability in React Server Components and Next.js (CVE-2025-55182) is being actively exploited. CISA added four critical flaws to its 'Must-Patch' list, including vulnerabilities in Versa C…

oracle e-business suite

Published: January 28, 2026

Linked vulnerabilities : CVE-2025-24893 (CVSS 9.8), CVE-2023-1389, CVE-2025-31125 (CVSS 5.3), CVE-2025-34026 (CVSS 9.2), CVE-2025-54313 (CVSS 7.5), CVE-2025-61882 (CVSS 9.8), CVE-2025-55182 (CVSS 10.0), CVE-2025-66478, CVE-2025-55184 (CVSS 7.5), CVE-2025-55183 (CVSS 5.3), CVE-2025-68645 (CVSS 8.8), CVE-2025-13335 (CVSS 6.5), CVE-2025-13927 (CVSS 7.5), CVE-2025-13928 (CVSS 7.5), CVE-2026-0723 (CVSS 7.4), CVE-2026-1102 (CVSS 5.3)

Downloadable IOCs: 37

A Deep Dive Into Attempted Exploitation of CVE-2023-33538

Active exploitation attempts targeting CVE-2023-33538 in end-of-life TP-Link Wi-Fi routers were identified after CISA added it to the KEV catalog in June 2025. The vulnerability affects several router models including TL-WR940N, TL-WR740N, and TL-WR841N. Observed attacks attempted to deploy Mirai-l…

command injection

firmware analysis

iot exploitation

tp-link routers

Published: April 17, 2026

Linked vulnerabilities : CVE-2024-3400, CVE-2023-33538, CVE-2025-23304 (CVSS 7.8), CVE-2025-59287 (CVSS 9.8), CVE-2025-55182 (CVSS 10.0), CVE-2025-66478, CVE-2025-21042, CVE-2025-14847 (CVSS 8.7), CVE-2026-22584, CVE-2026-1281 (CVSS 9.8), CVE-2026-1340 (CVSS 9.8), CVE-2026-1731 (CVSS 9.9), CVE-2025-0921

Downloadable IOCs: 9

Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution

A buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS software allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Limited exploitation has been observed starting April 9, 2026, by a likely state-sponsored th…

buffer overflow

tunneling tools

Published: May 7, 2026

Linked vulnerabilities : CVE-2023-33538, CVE-2025-23304 (CVSS 7.8), CVE-2025-55182 (CVSS 10.0), CVE-2025-66478, CVE-2025-14847 (CVSS 8.7), CVE-2026-22584, CVE-2026-1281 (CVSS 9.8), CVE-2026-1340 (CVSS 9.8), CVE-2026-1731 (CVSS 9.9), CVE-2025-0921, CVE-2026-31431, CVE-2026-0300 (CVSS 9.3)

Downloadable IOCs: 4

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.