Published On: Dec 14, 2025 20:53
Advisory No: TZCERT-SA-25-0125
Source: Cisco
Software Affected: React and Next.js Frameworks
Cisco products are affected by a critical vulnerability. The vulnerability could allow a remote attacker to execute arbitrary code on the affected device.
Cisco products running React and Next.js Frameworks are affected by a critical vulnerability tracked as CVE-2025-55182 with a CVSS base score of 10. This vulnerability results from how React decodes payloads sent to React Server Function endpoints. Successful exploitation of these vulnerabilities could allow the unauthenticated attacker to perform remote code execution on an affected device or system.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
Cisco has issued no workarounds that address this vulnerability.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.
