IronMonkey Threat Research

CVE-2025-55182 CRITICAL

Published: 2025-12-03 | Last Modified: 2025-12-10 | Status: Analyzed

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

CVSS Metrics

Base Score: 10.0 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 6.0

Weaknesses

Source: [email protected] | Type: Primary | Description: CWE-502 (en)

Affected Products

Vendor Product Version Type
facebook react 19.0.0 Application
facebook react 19.1.0 Application
facebook react 19.1.1 Application
facebook react 19.2.0 Application
vercel next.js * Application
vercel next.js 14.3.0 Application
vercel next.js 15.6.0 Application
vercel next.js 16.0.0 Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:facebook:react:19.0.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:facebook:react:19.1.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:facebook:react:19.1.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:facebook:react:19.2.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary77:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary78:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary79:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary80:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary81:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary82:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary83:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary84:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary85:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary86:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:14.3.0:canary87:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:-:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary0:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary1:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary10:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary11:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary12:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary13:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary14:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary15:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary16:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary17:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary18:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary19:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary2:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary20:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary21:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary22:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary23:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary24:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary25:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary26:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary27:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary28:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary29:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary3:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary30:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary31:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary32:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary33:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary34:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary35:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary36:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary37:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary38:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary39:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary4:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary40:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary41:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary42:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary43:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary44:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary45:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary46:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary47:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary48:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary49:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary5:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary50:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary51:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary52:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary53:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary54:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary55:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary56:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary57:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary6:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary7:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary8:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:15.6.0:canary9:*:*:*:node.js:*:*
Yes cpe:2.3:a:vercel:next.js:16.0.0:-:*:*:*:node.js:*:*
