Frost Checks First: Selective Exploitation
New CVE-2025-2611 attacks led us to a selective exploitation tool named frost that only fires when targets match precise fingerprints. VulnCheck's Canary Intelligence, EVI, and IP Intel exposed the CVEs involved, the operator's infrastructure, and the internet-exposed systems they can reach.
Critical vulnerability in React and Next.js (CVE-2025-55182)
On December 3, 2025, React developers disclosed CVE-2025-55182, an unauthenticated remote code execution vulnerability with a CVSS score of 10 that affects React Server Components and Next.js. This blog post provides an overview of the vulnerability, affected versions, research observations, and recommended actions.
Helping Improve and Scale the CVE Ecosystem Through the Lens of Security Research
VulnCheck is committed to accelerating visibility and improving data quality for defenders. We support the CVE Program and continue to expand our contributions by assigning CVE IDs to vulnerabilities observed by, discovered by, or reported to VulnCheck.
