No results found for ""
Try different keywords or check spelling
Search in CVE database, posts & pages • Press ESC to close
This vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7 configuration(s) from 2 vendor(s)
cpe:2.3:a:facebook:react:19.2.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:react:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:react:19.1.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:react:19.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vercel:next.js:15.6.0:-:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:16.0.0:-:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary0:*:*:*:node.js:*:*
Listed in CISA's Known Exploited Vulnerabilities catalog
Latest news and updates about CVE-2025-55182
