慢雾 CISO：React/Next.js 最新远程代码执行漏洞出现新攻击链，DeFi 平台需注意安全风险

链捕手

Dec 05, 2025

ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台发文称，鉴于 React/Next.js 最新远程代码执行漏洞出现新的攻击链，攻击成功率会大幅提升，目前大量 DeFi 平台使用 React，受此漏洞影响的会有很多，各个 DeFi 平台务必注意安全风险。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2589573888"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2589573888\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2589573888?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-12-05 10:53","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2589573888","market":"us","top_or_hot":-1,"title":"慢雾 CISO：React/Next.js 最新远程代码执行漏洞出现新攻击链，DeFi 平台需注意安全风险","media":"链捕手","content":"<html><body><p>ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台发文称，鉴于 React/Next.js 最新远程代码执行漏洞出现新的攻击链，攻击成功率会大幅提升，目前大量 DeFi 平台使用 React，受此漏洞影响的会有很多，各个 DeFi 平台务必注意安全风险。</p></body></html>","source":null,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>慢雾 CISO：React/Next.js 最新远程代码执行漏洞出现新攻击链，DeFi 平台需注意安全风险</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n慢雾 CISO：React/Next.js 最新远程代码执行漏洞出现新攻击链，DeFi 平台需注意安全风险\n</h2>\n\n<h4 class=\"meta\">\n\n\n<a class=\"head\" href=\"https://laohu8.com/wemedia/1041503808\">\n\n\n<div class=\"h-thumb\" style=\"background-image:url(https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5);background-size:cover;\"></div>\n\n<div class=\"h-content\">\n<p class=\"h-name\">链捕手 </p>\n<p class=\"h-time\">2025-12-05 10:53</p>\n</div>\n\n</a>\n\n\n</h4>\n\n</header>\n<article>\n<html><body><p>ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台发文称，鉴于 React/Next.js 最新远程代码执行漏洞出现新的攻击链，攻击成功率会大幅提升，目前大量 DeFi 平台使用 React，受此漏洞影响的会有很多，各个 DeFi 平台务必注意安全风险。</p></body></html>\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK4134","symbol_name":"信息科技咨询与其它服务","start_time":0,"source_url":"https://www.chaincatcher.com/article/2226507","article_id":"2589573888","we_media_id":"1041503808","thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2589573888","pubTimestamp":1764903226,"columns":[],"sourceInfo":null,"weMediaInfo":{"media_name":"链捕手","introduction":"链捕手ChainCatcher 成立于 2018 年，是一家领先的中文 Web3 媒体及数据服务商。","home_visible":1,"id":"1041503808","head_image":"https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5"},"summary":" ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台发文称，鉴于 React/Next.js 最新远程代码执行漏洞出现新的攻击链，攻击成功率会大幅提升，目前大量 DeFi 平台使用 React，受此漏洞影响的会有很多，各个 DeFi 平台务必注意安全风险。 ","collect":0,"end_time":0,"defaultTopTitle":"","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BK4134":"信息科技咨询与其它服务","CISO":"CISO Global"},"translate_title":"Slow fog CISO: React/Next.js latest remote code execution vulnerability has a new attack chain, and DeFi platforms need to pay attention to security risks","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"CISO":1.5},"content_text":"ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台发文称，鉴于 React/Next.js 最新远程代码执行漏洞出现新的攻击链，攻击成功率会大幅提升，目前大量 DeFi 平台使用 React，受此漏洞影响的会有很多，各个 DeFi 平台务必注意安全风险。","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}