1. Home
  2. Vulnerabilities
  3. CVE-2025-55182
Known Exploited Vulnerability
10.0
CRITICAL CVSS 3.1
CVE-2025-55182
Meta React Server Components Remote Code Execution Vulnerability - [Actively Exploited]
Overview
Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Details
INFO

Published Date :

Dec. 3, 2025, 4:15 p.m.

Last Modified :

Dec. 6, 2025, 2 a.m.

Remotely Exploit :

No

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Known Detected Feb 26, 2026

Notes :

Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, please see: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://github.com/vercel-labs/fix-react2shell-next?tab=readme-ov-file ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182

Impact
Affected Products

The following products are affected by CVE-2025-55182 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Vercel next.js
1 Facebook react
: Total Affected Vendor : 2 | Products : 2
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 4fc57720-52fe-4431-a0fb-3d2c8747b827
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 CRITICAL MITRE-CVE
Solution
Update React Server Components to a patched version to fix unsafe deserialization.
  • Update React Server Components to a secure version.
  • Remove vulnerable packages like react-server-dom-parcel.
  • Apply security patches for affected packages.
  • Validate server function endpoint security.
Public PoC/Exploit Available at Github

CVE-2025-55182 has a 1089 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-55182.

URL Resource
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components Patch Vendor Advisory
https://www.facebook.com/security/advisories/cve-2025-55182 Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/12/03/4 Mailing List Patch Third Party Advisory
https://news.ycombinator.com/item?id=46136026 Issue Tracking
https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/ Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55182 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-55182 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-55182 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
RBKD-SEC/POC

None

Python Makefile C Shell

Updated: 2 days, 10 hours ago
0 stars 0 fork 0 watcher
Born at : May 11, 2026, 9:43 a.m. This repo has been linked 5 different CVEs too.
Profile Photo
mehakraturi7-netizen/ems-app

None

JavaScript TypeScript PLpgSQL CSS

Updated: 4 days, 11 hours ago
0 stars 0 fork 0 watcher
Born at : May 9, 2026, 11:34 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
JPeer264/zero-trust-example

None

Dockerfile JavaScript Go Template

Updated: 6 days, 9 hours ago
0 stars 0 fork 0 watcher
Born at : May 7, 2026, 4:12 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
xitexploiter96-dot/Ntemplatesbyxit

None

Updated: 6 days, 9 hours ago
0 stars 0 fork 0 watcher
Born at : May 7, 2026, 3:36 p.m. This repo has been linked 22 different CVEs too.
Profile Photo
net1nfect/ctf

None

Python

Updated: 1 week, 2 days ago
1 stars 0 fork 0 watcher
Born at : May 4, 2026, 9:44 p.m. This repo has been linked 13 different CVEs too.
Profile Photo
degiscaler-stack/restaurant-dashboard-system

None

JavaScript TypeScript CSS

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : May 4, 2026, 1:04 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
degiscaler-stack/baraka

None

JavaScript TypeScript

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : May 4, 2026, 5:34 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
TessaAnselm/K8

K8 Security Lab

CSS JavaScript HTML Shell

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : May 2, 2026, 7:39 p.m. This repo has been linked 10 different CVEs too.
Profile Photo
Skyw4lkeR77/web-challange-writeup

None

Updated: 1 week, 4 days ago
0 stars 0 fork 0 watcher
Born at : May 2, 2026, 5:24 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
CEJamesW/ctf-skills-zh

Simplified Chinese translation of ljagiello/ctf-skills for CTF learning and challenge solving.

Python Shell

Updated: 1 week, 3 days ago
1 stars 1 fork 1 watcher
Born at : May 2, 2026, 4:30 a.m. This repo has been linked 13 different CVEs too.
Profile Photo
iampopg/Nigeria-APt-Hunt

Just for fun

Updated: 1 week, 5 days ago
0 stars 0 fork 0 watcher
Born at : May 1, 2026, 6:33 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
abhi04anon/JSPECTER

Autonomous JavaScript Recon, Secret Discovery & Vulnerability Intelligence Engine

Python

Updated: 1 week, 5 days ago
0 stars 0 fork 0 watcher
Born at : May 1, 2026, 7:02 a.m. This repo has been linked 18 different CVEs too.
Profile Photo
Theori-lO/reactguard

ReactGuard provides framework- and vulnerability-detection tooling for CVE-2025-55182 (React2Shell)

cve-2025-55182 cve-2025-55183 cve-2025-55184 cve-2025-67779 nextjs react react2shell reactguard waku

Makefile Python

Updated: 2 weeks ago
0 stars 0 fork 0 watcher
Born at : April 29, 2026, 9:03 p.m. This repo has been linked 4 different CVEs too.
Profile Photo
romain-deperne/romain-deperne

Profile README

Updated: 2 weeks ago
0 stars 0 fork 0 watcher
Born at : April 29, 2026, 8:58 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
pierce403/cvehunt

None

Python JavaScript HTML CSS Shell Dockerfile

Updated: 5 days, 5 hours ago
1 stars 2 fork 2 watcher
Born at : April 28, 2026, 1:26 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-55182 vulnerability anywhere in the article.

  • CybersecurityNews
New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft

A sophisticated new malware framework called PCPJack has been found actively targeting cloud environments across the internet, hunting for exposed services and stripping away credentials at scale. The ... Read more

Published Date: May 08, 2026 (5 days, 14 hours ago)
  • The Hacker News
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environ ... Read more

Published Date: May 07, 2026 (6 days, 7 hours ago)
  • europa.eu
Cyber Brief 26-05 - April 2026

Cyber Brief (April 2026)May 4, 2026 – Version: 1TLP:CLEARExecutive summaryWe analysed 366 open source reports for this Cyber Brief1.Relating to cyber policy and law enforcement, the Council of the Eur ... Read more

Published Date: May 04, 2026 (1 week, 2 days ago)
  • The Hacker News
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European gove ... Read more

Published Date: May 01, 2026 (1 week, 5 days ago)
  • The Register
What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia

Exclusive A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as r ... Read more

Published Date: Apr 30, 2026 (1 week, 6 days ago)
  • Trend Micro
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

Table 1. Legitimate executables vulnerable to DLL sideloading abused by SHADOW‑EARTH‑053 SHADOW-EARTH-053 uses a legitimate Toshiba Bluetooth Stack executable, renamed to CIATosBtKbd.exe, to sideload ... Read more

Published Date: Apr 30, 2026 (2 weeks ago)
  • CybersecurityNews
Hackers Use Telegram Bots to Track 900+ Successful React2Shell Exploits

A newly exposed server has revealed how a threat actor used automated tools, AI assistance, and Telegram bots to silently hack into more than 900 companies around the world. The operation, built aroun ... Read more

Published Date: Apr 24, 2026 (2 weeks, 5 days ago)
  • The Cyber Express
China-Linked Cyber Actors Turn to Massive Covert Botnets to Evade Detection

A newly issued cybersecurity advisory highlights an evolution in the tactics, techniques and procedures (TTPs) employed by China-Nexus threat actors. The report, released with support from the UK Cybe ... Read more

Published Date: Apr 24, 2026 (2 weeks, 5 days ago)
  • The Cyber Express
Exposed Server Reveals AI-Assisted Credential Harvesting Factory

An exposed server sitting open on the internet handed forensic investigators something rarely available; an unobstructed view inside a running criminal operation, complete with code, logs, victim data ... Read more

Published Date: Apr 22, 2026 (3 weeks ago)
  • Huntress
Untangling a Linux Incident With an OpenAI Twist (Part 2)

Acknowledgments: Special thanks to Tanner Filip and Lindsey O’Donnell-Welch for their contributions to this blog and research. Recently, the Huntress Security Operations Center (SOC) came across a str ... Read more

Published Date: Apr 22, 2026 (3 weeks ago)
  • The Hacker News
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuar ... Read more

Published Date: Apr 18, 2026 (3 weeks, 4 days ago)
  • The Hacker News
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploi ... Read more

Published Date: Apr 17, 2026 (3 weeks, 5 days ago)
  • The Hacker News
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To tha ... Read more

Published Date: Apr 17, 2026 (3 weeks, 5 days ago)
  • The Hacker News
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you igno ... Read more

Published Date: Apr 16, 2026 (3 weeks, 6 days ago)
  • The Hacker News
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate an ... Read more

Published Date: Apr 16, 2026 (3 weeks, 6 days ago)
  • The Hacker News
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-20 ... Read more

Published Date: Apr 15, 2026 (4 weeks ago)
  • The Hacker News
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnera ... Read more

Published Date: Apr 15, 2026 (4 weeks ago)
  • The Hacker News
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-saf ... Read more

Published Date: Apr 14, 2026 (4 weeks, 1 day ago)
  • The Hacker News
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is ... Read more

Published Date: Apr 14, 2026 (4 weeks, 1 day ago)
  • The Hacker News
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitatio ... Read more

Published Date: Apr 14, 2026 (4 weeks, 1 day ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-55182 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Dec. 06, 2025

    Action Type Old Value New Value
    Added Date Added 2025-12-05
    Added Due Date 2025-12-26
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Meta React Server Components Remote Code Execution Vulnerability
  • Initial Analysis by [email protected]

    Dec. 05, 2025

    Action Type Old Value New Value
    Added CWE CWE-502
    Added CPE Configuration OR *cpe:2.3:a:facebook:react:19.0.0:*:*:*:*:*:*:* *cpe:2.3:a:facebook:react:19.1.0:*:*:*:*:*:*:* *cpe:2.3:a:facebook:react:19.1.1:*:*:*:*:*:*:* *cpe:2.3:a:facebook:react:19.2.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:* versions from (including) 15.0.0 up to (excluding) 15.0.5 *cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:* versions from (including) 15.1.0 up to (excluding) 15.1.9 *cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:* versions from (including) 15.2.0 up to (excluding) 15.2.6 *cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:* versions from (including) 15.3.0 up to (excluding) 15.3.6 *cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:* versions from (including) 15.4.0 up to (excluding) 15.4.8 *cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:* versions from (including) 15.5.0 up to (excluding) 15.5.7 *cpe:2.3:a:vercel:next.js:15.6.0:-:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary0:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary1:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary10:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary11:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary12:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary13:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary14:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary15:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary16:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary17:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:* versions from (including) 16.0.0 up to (excluding) 16.0.7 *cpe:2.3:a:vercel:next.js:15.6.0:canary18:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary19:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary2:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary20:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary21:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary22:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary23:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary24:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary25:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary26:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary27:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary28:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary29:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary3:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary30:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary31:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary32:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary33:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary34:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary35:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary36:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary37:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary38:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary39:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary4:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary40:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary41:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary42:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary43:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary44:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary45:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary46:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary47:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary48:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary49:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary5:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary50:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary51:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary52:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary53:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary54:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary55:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary56:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary57:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary6:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary7:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary8:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:15.6.0:canary9:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:16.0.0:-:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary77:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary78:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary79:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary80:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary81:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary82:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary83:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary84:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary85:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary86:*:*:*:node.js:*:* *cpe:2.3:a:vercel:next.js:14.3.0:canary87:*:*:*:node.js:*:*
    Added Reference Type Facebook, Inc.: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components Types: Patch, Vendor Advisory
    Added Reference Type Facebook, Inc.: https://www.facebook.com/security/advisories/cve-2025-55182 Types: Vendor Advisory
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55182 Types: US Government Resource
    Added Reference Type CISA-ADP: https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/ Types: Third Party Advisory
    Added Reference Type CVE: https://news.ycombinator.com/item?id=46136026 Types: Issue Tracking
    Added Reference Type CVE: http://www.openwall.com/lists/oss-security/2025/12/03/4 Types: Mailing List, Patch, Third Party Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Dec. 05, 2025

    Action Type Old Value New Value
    Added Reference https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55182
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Dec. 04, 2025

    Action Type Old Value New Value
    Removed Reference https://github.com/ejpir/CVE-2025-55182-poc
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Dec. 04, 2025

    Action Type Old Value New Value
    Added Reference https://github.com/ejpir/CVE-2025-55182-poc
    Added Reference https://news.ycombinator.com/item?id=46136026
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Dec. 03, 2025

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2025/12/03/4
  • New CVE Received by [email protected]

    Dec. 03, 2025

    Action Type Old Value New Value
    Added Description A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    Added Reference https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
    Added Reference https://www.facebook.com/security/advisories/cve-2025-55182
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 10
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact