top of page

Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js

4 december 2025 om 09:51:32

stepsecurity.io

Critical remote code execution vulnerabilities discovered in React Server Components and Next.js framework. Two CVEs identified: CVE-2025-55182 and CVE-2025-66478. These vulnerabilities affect popular React-based web applications and Next.js implementations. Remote attackers could potentially execute arbitrary code on affected systems. The vulnerabilities represent a significant threat to web applications using these widely-adopted React technologies.

Related links:

https://www.stepsecurity.io/blog/critical-remote-code-execution-vulnerabilities-discovered-in-react-server-components-and-next-js

Related CVE's:

CVE-2025-55182CVE-2025-66478

Related threat actors:

No threat actors found in this article

Affected products:

React Server ComponentsNext.js

IOC's:

No IOCs found in this article

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page