SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerability; PickleScan Patch

Direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9724.mp3

Attempts to Bypass CDNs
Our honeypots recently started receiving scans that included CDN-specific headers.
https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532
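
The origin-side check discussed in this episode, as an added example (not code from the diary or from any CDN vendor): the origin serves a request only when it carries a secret header value that the CDN was configured to add, and it flags requests that merely look like CDN traffic. The header name `X-Origin-Verify`, the secret and the sample requests are assumptions constructed for illustration; the marker headers are well-known CDN headers and are not taken from this page.

```python
import hmac

# Assumption: the CDN is configured to add this header, carrying a long random
# value, to every request it forwards. The header name is hypothetical.
SECRET_HEADER = "x-origin-verify"

# Headers commonly added by CDNs. A client connecting straight to the origin
# can send them too, so their presence alone proves nothing.
CDN_MARKER_HEADERS = {"cf-connecting-ip", "cf-ray", "fastly-client-ip", "true-client-ip"}


def classify_request(headers, valid_secrets):
    """Return 'via-cdn', 'spoofed-cdn-headers' or 'direct' for one request."""
    lowered = {name.lower(): value for name, value in headers.items()}
    presented = lowered.get(SECRET_HEADER, "").encode()
    # Constant-time comparison; more than one secret is accepted so the value
    # can be rotated without dropping traffic.
    if presented and any(hmac.compare_digest(presented, s.encode()) for s in valid_secrets):
        return "via-cdn"
    if CDN_MARKER_HEADERS.intersection(lowered):
        return "spoofed-cdn-headers"  # claims a CDN path it cannot prove
    return "direct"


def origin_decision(headers, valid_secrets):
    """Origin policy: serve only requests that prove they came through the CDN."""
    verdict = classify_request(headers, valid_secrets)
    return (200 if verdict == "via-cdn" else 403), verdict


# Constructed sample requests (documentation IP range, made-up secret).
SECRETS = ["constructed-secret-5d1f0c7a9b3e"]
SAMPLES = {
    "through the CDN": {"X-Origin-Verify": SECRETS[0], "CF-Connecting-IP": "203.0.113.7"},
    "markers only": {"CF-Connecting-IP": "203.0.113.7", "Fastly-Client-IP": "203.0.113.7"},
    "plain direct hit": {"User-Agent": "constructed-scanner/1.0"},
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, origin_decision(sample, SECRETS))
```

Counting the `spoofed-cdn-headers` verdict separately in the origin's logs separates requests that imitate CDN traffic from ordinary direct scans.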

React Vulnerability CVE-2025-55182
React patched a critical vulnerability in React server components. Exploitation is likely imminent.
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Unveiling 3 PickleScan Vulnerabilities
The PyTorch AI model security tool, PickleScan, has patched three critical vulnerabilities.
https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/
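
The ZIP CRC failure mode discussed in this episode, as an added example (a stand-alone sketch, not PickleScan's code): a scanner that skips an archive member it cannot read reports the archive as clean, while a fail-closed scanner treats the unread member as a failed scan. The allowlist, the function names and the sample archives are assumptions constructed for illustration, and `zipfile.ZipFile` stands in for any import that is not on the allowlist.

```python
import io
import pickle
import pickletools
import zipfile

# Assumption for this sketch: the only import expected in a weights file.
ALLOWED_GLOBALS = {"collections OrderedDict"}


def pickle_imports(data):
    """List what a pickle would import, read from opcodes without unpickling."""
    found = []
    for op, arg, _ in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):      # arg is "module name"
            found.append(arg)
        elif op.name == "STACK_GLOBAL":        # names come from the stack
            found.append("<unresolved STACK_GLOBAL>")  # never on the allowlist
    return found


def scan_archive(raw, fail_closed=True):
    """Return 'clean', 'unsafe' or 'unscannable' for a ZIP of pickle members."""
    verdict = "clean"
    with zipfile.ZipFile(io.BytesIO(raw)) as archive:
        for name in archive.namelist():
            try:
                imports = pickle_imports(archive.read(name))
            except (zipfile.BadZipFile, ValueError):  # bad CRC or malformed pickle
                if fail_closed:
                    return "unscannable"  # the member was never inspected
                continue  # fail-open: skipped member leaves the verdict 'clean'
            if set(imports) - ALLOWED_GLOBALS:
                verdict = "unsafe"
    return verdict


def build_archive(obj, corrupt_crc=False):
    """Constructed sample: one pickle in a ZIP, optionally with a wrong CRC."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("data.pkl", pickle.dumps(obj, protocol=2))
    raw = bytearray(buf.getvalue())
    if corrupt_crc:
        raw[raw.rfind(b"PK\x01\x02") + 16] ^= 0xFF  # CRC-32 field, central directory
    return bytes(raw)


if __name__ == "__main__":
    hidden = build_archive(zipfile.ZipFile, corrupt_crc=True)
    print(scan_archive(hidden, fail_closed=False), scan_archive(hidden))
```

The same archive yields `clean` with `fail_closed=False` and `unscannable` with the default, so a pipeline should treat anything other than `clean` as a rejection.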

Podcast Transcript

 Hello and welcome to the Thursday, December 4th, 2025
 edition of the SANS Internet Storm Center's Stormcast. My
 name is Johannes Ullrich, recording today from Dallas,
 Texas. And this episode is brought to you by the SANS.edu
 credit certificate program in cloud security. In diaries
 today, I wrote about some observations from our web
 application honeypots. Lately, we have seen a number of
 requests that included various headers that looked like these
 requests went through CDNs like Cloudflare, Fastly,
 Akamai, and others. This could have a number of different
 reasons. My first guess is that there's an attempt to
 bypass CDNs. Many websites are behind CDNs like Cloudflare,
 Fastly, and rely on them for some basic filtering and also
 denial of service protection. The problem is that often it's
 not too terribly difficult to figure out the actual IP
 address that a website is being hosted on. And then an
 attacker may connect to the web server directly without
 going through the CDN. Now, some web applications protect
 themselves from this bypass by checking if the requests
 include specific headers that are being added by the CDN.
 Now, if you're doing this right, there are specific
 headers that you're supposed to use that contain like
 random values that the attacker isn't supposed to be
 able to predict. And that way, you can reject some of these
 bypass requests. But my assumption at this point is
 that at least to some extent, well, attackers hope that
 you're not checking all that carefully. Also, there is a
 chance that some of these requests actually went through
 the CDN. And that, for example, some of these headers
 are implicating that a request went through Cloudflare's WARP
 system, which is kind of like a VPN and could be used by an
 attacker to actually obfuscate the origin of some of these
 attacks.

 And if you are running a website that takes
 advantage of React, particular React server components, well,
 I have some bad news for you. There is a critical
 vulnerability that was patched today that you must patch
 quickly. This vulnerability was originally discovered last
 weekend. React was really fast in rolling out a patch for
 this vulnerability. Even if you don't implement any React
 server functions, just having React server components
 installed and enabled will make your application
 vulnerable. That also then includes various additional
 frameworks that are enabling React server components for
 you, like, for example, Next.js. Next.js assigned its own
 CVE number to this vulnerability, but
 fundamentally same vulnerability, and it's a
 basic React vulnerability. So again, patches have been
 released. I have seen various supposed exploits for this
 vulnerability being posted. Haven't really been able to
 verify any of them. Some of them certainly look somewhat
 fishy, and again, be careful with any sort of high news
 vulnerability like this. We tend also to have some fake
 exploits being released that really just exploit whoever is
 running the particular script. So not sure if we have a
 working public exploit at this point, but a lot of details
 have been already discussed about this vulnerability. It's
 basically a deserialization vulnerability. And based on
 the patch, there has already been a lot of decent
 speculation about how to exploit this vulnerability. So
 likely some of these exploits that I have seen being posted
 are at least partially working. The security company
 Wiz has also published a blog post about it and state that
 they have been able to create a reliable exploit for this
 vulnerability. So speed really matters in this case. You must
 have this patched before the weekend, and even that is
 probably not quite fast enough. Assume compromise at
 this point for your application, because by the
 time you're listening to this, well, it's probably already
 Thursday morning, which means sort of 12 hours later. And at
 that point, I would expect a working exploit to be publicly
 available and already being used to scan the internet for
 any vulnerable systems.

 And then we have a number of
 vulnerabilities in a security tool that many users of AI
 models are relying on to test if the AI models they're using
 are safe. The problem that this tool, PickleScan, is
 attempting to address is that when you're downloading a
 model for use with PyTorch, you're typically downloading a
 pickle file, which essentially is Python code. And with that,
 there's always the usual deserialization problem that
 some of that Python code may actually execute and not just
 contain data or weights in AI speak. Well, PickleScan
 itself is a decent tool, well respected. However, it did
 suffer from a number of basic vulnerabilities. For example,
 one of the three vulnerabilities relates to zip
 files where a bad CRC checksum could prevent PickleScan from
 outright scanning the entire file. And with that, the file
 would actually still be used and could contain malicious
 code. There is an update available. So if you're
 relying on PickleScan to screen your models before
 you're using them, well, please update. But realize
 that tools like this in general have various bypass
 vulnerabilities. So some sound judgment in what models you're
 using is still appropriate.

 Well, and that's it for today.
 So thanks for listening. Thanks for liking. Thanks for
 subscribing. And as always, special thanks for leaving
 good comments in your favorite podcast platform. And talk to
 you again tomorrow. Bye.