Critical security flaw in React Server Components (CVE-2025-55182) allows unauthenticated remote code execution, affecting multiple React versions. Exploitable due to unsafe deserialization, attackers can craft HTTP requests to execute arbitrary JavaScript. This impacts versions of React libraries and Next.js. Patches are available; users advised to update and monitor for suspicious traffic until then. Various cloud providers have implemented protective measures.
https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html

