top of page

Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js

4 december 2025 om 09:51:32

stepsecurity.io

Critical remote code execution vulnerabilities have been discovered in React Server Components and Next.js framework. The vulnerabilities are tracked as CVE-2025-55182 and CVE-2025-66478. These flaws affect React.js and Next.js applications and could allow attackers to execute arbitrary code remotely. The vulnerabilities pose a significant threat to web applications built using these popular JavaScript frameworks. Organizations using React Server Components or Next.js should prioritize patching these critical security issues.

Related links:

https://www.stepsecurity.io/blog/critical-remote-code-execution-vulnerabilities-discovered-in-react-server-components-and-next-js

Related CVE's:

CVE-2025-55182CVE-2025-66478

Related threat actors:

No threat actors found in this article

Affected products:

React Server ComponentsNext.jsReact.js

IOC's:

No IOCs found in this article

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page