Summary
- Use aliased fields in the Platform to search across multiple fields at once and quickly find relevant assets.
- New Rapid Response advisories and queries for:
- New software fingerprints for Waku, pgAdmin4, and Ferron web servers.
- New ASM risk fingerprints for React2Shell and pgAdmin4 CVE-2025-12762.
Platform
-
Some fields are now grouped into aliases to make it easier to search across multiple fields at once. Aliases can be used in the Platform web UI or API. The complete list of aliases and their mapped fields is available in the documentation.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issues.
- Unauthenticated RCE Flaw in React Server Components [CVE-2025-55182]
- The following queries can be used to identify exposed React Server components.
- Critical XXE Injection Bug in Apache Tika [CVE-2025-66516]
- The queries below can identify potentially vulnerable Tika instances.
- pgAdmin4 Allows RCE via PLAIN-format Dump File Restore [CVE-2025-12762]
- The queries below can help identify potentially vulnerable pgAdmin4 instances.
New fingerprints
Added the following fingerprints.
| Type | Name | Description | Query |
|---|---|---|---|
| software | Waku | This is a Waku instance. | Platform query |
| software | pgAdmin 4 | This is a pgAdmin 4 instance, a web-based administration tool for PostgreSQL. | Platform query |
| software | Ferron Web Server | This is a Ferron web server. | Platform query |
| risk | React2Shell: Unauthenticated RCE in React Server Components [CVE-2025-55182] | This is a critical unauthenticated Remote Code Execution (RCE) flaw, dubbed "React2Shell" caused by insecure deserialization within the Flight protocol used by React Server Components. This risk broadly identifies exposed web services using RSC, but doesn't confirm vulnerability since versions are not available. Users must verify which package versions are running in their environments. | ASM query: risks.name: `React2Shell: Unauthenticated RCE in React Server Components [CVE-2025-55182]` |
| risk | Vulnerable pgAdmin 4 [CVE-2025-12762] | This pgAdmin 4 server is running a version 9.9 or earlier that is vulnerable to CVE-2025-12762, a remote code execution (RCE) vulnerability. When restoring PLAIN-format dump files, an attacker can inject and execute arbitrary commands on the host, potentially leading to full system compromise of the pgAdmin host and downstream database environment. | ASM query:risks.name: `Vulnerable pgAdmin 4 [CVE-2025-12762]` |