1. CVE-2025-55182｜React Server Components
   • https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
   • http://nvd.nist.gov/vuln/detail/CVE-2025-55182
   • https://www.facebook.com/security/advisories/cve-2025-55182
   • https://www.akamai.com/blog/security-research/2025/dec/cve-2025-55182-react-nextjs-server-functions-deserialization-rce
   • https://aws.amazon.com/jp/security/security-bulletins/rss/aws-2025-030/
   • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-react-flight-TYw32Ddb
   • RCE。盛り上がっとる。
2. CVE-2025-13633｜Chrome
   • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html
   • https://nvd.nist.gov/vuln/detail/CVE-2025-13633
   • Use after free。Type Confusionが多いし今回も含んでいるがuse after freeは久しぶりな気がする。
3. CVE-2025-48633｜Android
   • https://source.android.com/docs/security/bulletin/2025-12-01?hl=ja
   • https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48633
   • https://www.security-next.com/177901
   • 情報漏洩。他にCVE-2025-48572(権限昇格)やCVE-2025-48631(DoS)も。
4. CVE-2025-64775｜Apache Struts
   • https://cwiki.apache.org/confluence/display/WW/S2-068
   • https://nvd.nist.gov/vuln/detail/CVE-2025-64775
   • DoS。
5. CVE-2025-58098｜Apache HTTP Server
   • https://httpd.apache.org/security/vulnerabilities_24.html#2.4.66
   • https://jvn.jp/vu/JVNVU97286548/
   • コード実行っぽい？条件あり。