🚨 Critical Security Issue in Next.js (React Server Components)

firaflash

React just disclosed a CVSS 10.0 security vulnerability (CVE-2025-55182) affecting React Server Components.

This includes Next.js versions using RSC — and yes, you’re probably using RSC by default in Next 13+ and 14+.

🔴 What’s affected

  • react-server-dom-webpack
  • react-server-dom-turbopack
  • react-server-dom-parcel
  • Next.js (all RSC-enabled versions)

This could allow unauthenticated remote code execution 😬

🟢 Fix available – update now

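Install the fixed release for the release line you are on:

npm install next@15.0.5   # for 15.0.x
npm install next@15.1.9   # for 15.1.x
npm install next@15.2.6   # for 15.2.x
npm install next@15.3.6   # for 15.3.x
npm install next@15.4.8   # for 15.4.x
npm install next@15.5.7   # for 15.5.x
npm install next@16.0.7   # for 16.0.x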

If you’re on 14.3.0-canary.77+, downgrade:

npm install next@14

‼️ Hosting provider patches are temporary — don’t rely on them

📌 Full announcement & details here: (React blog)

Stay safe & update ASAP 🔐✨

