Published On: Dec 14, 2025 20:53
Advisory No: TZCERT-SA-25-0126
Source: React
Software Affected: React Server Components
React Servers are affected by a critical vulnerability. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the affected device.
React Server Components are affected by a critical vulnerability tracked as CVE-2025-55182 with a CVSS base score of 10. This vulnerability results from a flaw in how React decodes payloads sent to React Server Function endpoints. Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform remote code execution on an affected device or system.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
React has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.
