December 8, 2025

Summary

Platform

  • Some fields are now grouped into aliases to make it easier to search across multiple fields at once. Aliases can be used in the Platform web UI or API. The complete list of aliases and their mapped fields is available in the documentation.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues.

New fingerprints

Added the following fingerprints.

| Type | Name | Description | Query |
|---|---|---|---|
| software | Waku | This is a Waku instance. | Platform query |
| software | pgAdmin 4 | This is a pgAdmin 4 instance, a web-based administration tool for PostgreSQL. | Platform query |
| software | Ferron Web Server | This is a Ferron web server. | Platform query |
| risk | React2Shell: Unauthenticated RCE in React Server Components [CVE-2025-55182] | This is a critical unauthenticated Remote Code Execution (RCE) flaw, dubbed "React2Shell", caused by insecure deserialization within the Flight protocol used by React Server Components. This risk broadly identifies exposed web services using RSC, but doesn't confirm vulnerability since versions are not available. Users must verify which package versions are running in their environments. | ASM query: risks.name: `React2Shell: Unauthenticated RCE in React Server Components [CVE-2025-55182]` |
| risk | Vulnerable pgAdmin 4 [CVE-2025-12762] | This pgAdmin 4 server is running version 9.9 or earlier, which is vulnerable to CVE-2025-12762, a remote code execution (RCE) vulnerability. When restoring PLAIN-format dump files, an attacker can inject and execute arbitrary commands on the host, potentially leading to full system compromise of the pgAdmin host and downstream database environment. | ASM query: risks.name: `Vulnerable pgAdmin 4 [CVE-2025-12762]` |