Multiple React RSC Vulnerabilities Patched

First reported

12.12.2025 10:55

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The React team has patched three vulnerabilities in React Server Components (RSC) that could lead to denial-of-service (DoS) or source code exposure. The flaws were discovered during the exploitation of CVE-2025-55182, a critical bug already weaponized in the wild. The affected versions include react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. Users are advised to update to the latest versions immediately.

Timeline

12.12.2025 10:55 1 articles · 23h ago

React RSC Vulnerabilities Patched
The React team has released fixes for three vulnerabilities in React Server Components (RSC) that could result in denial-of-service (DoS) or source code exposure. The flaws were discovered during the exploitation of CVE-2025-55182, a critical bug already weaponized in the wild. Users are advised to update to the latest versions immediately.
Show sources

New React RSC Vulnerabilities Enable DoS and Source Code Exposure — thehackernews.com — 12.12.2025 10:55
Open in new tab

Information Snippets

CVE-2025-55184 (CVSS 7.5) is a pre-authentication DoS vulnerability caused by unsafe deserialization of payloads, leading to infinite loops and server hangs.
First reported: 12.12.2025 10:55

1 source, 1 article
Show sources
- New React RSC Vulnerabilities Enable DoS and Source Code Exposure — thehackernews.com — 12.12.2025 10:55
CVE-2025-67779 (CVSS 7.5) is an incomplete fix for CVE-2025-55184, with the same impact.
First reported: 12.12.2025 10:55

1 source, 1 article
Show sources
- New React RSC Vulnerabilities Enable DoS and Source Code Exposure — thehackernews.com — 12.12.2025 10:55
CVE-2025-55183 (CVSS 5.3) is an information leak vulnerability that could expose source code of Server Functions under specific conditions.
First reported: 12.12.2025 10:55

1 source, 1 article
Show sources
- New React RSC Vulnerabilities Enable DoS and Source Code Exposure — thehackernews.com — 12.12.2025 10:55
Affected versions include 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, and 19.2.1 for CVE-2025-55184 and CVE-2025-55183, and 19.0.2, 19.1.3, and 19.2.2 for CVE-2025-67779.
First reported: 12.12.2025 10:55

1 source, 1 article
Show sources
- New React RSC Vulnerabilities Enable DoS and Source Code Exposure — thehackernews.com — 12.12.2025 10:55
Security researchers RyotaK, Shinsaku Nomura, and Andrew MacPherson reported the vulnerabilities.
First reported: 12.12.2025 10:55

1 source, 1 article
Show sources
- New React RSC Vulnerabilities Enable DoS and Source Code Exposure — thehackernews.com — 12.12.2025 10:55
Users are advised to update to versions 19.0.3, 19.1.4, and 19.2.3 to mitigate the risks.
First reported: 12.12.2025 10:55

1 source, 1 article
Show sources
- New React RSC Vulnerabilities Enable DoS and Source Code Exposure — thehackernews.com — 12.12.2025 10:55