Critical Vulnerability in React and Next.js (CVE-2025-55182)

TLDR: On December 3, 2025, React disclosed CVE-2025-55182, a critical remote code execution vulnerability (CVSS 10) in React Server Components due to unsafe deserialization. Affects React versions 19.0-19.2.0; fixed in 19.0.1, 19.1.2, 19.2.1. Next.js versions 15.0.5-15.5.7 and 16.0.7 also need updates. Vulnerability allows remote exploitation without authentication.

https://www.vulncheck.com/blog/cve-2025-55182-react-nextjs

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top