cisco-sa-react-flight-TYw32Ddb Critical

Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025

Cisco
Released: January 22, 2026
Updated: January 22, 2026
Restart Required

Description

On December 3, 2025, the React team released a security advisory regarding a vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system.

For a description of this vulnerability, see the public React Security Advisory: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Cisco's standard practice is to update integrated third-party software components to later versions as they become available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-react-flight-TYw32Ddb

Security Impact Rating: Critical
CVE: CVE-2025-55182

Fixed Vulnerabilities 1

CVE-2025-55182 N/A 0.8 ⚠️ KEV fixed
Dec 03, 2025

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack.…

Quick Info

Patch ID: cisco-sa-react-flight-TYw32Ddb
Vendor: Cisco
Severity: Critical
CVEs Fixed: 1
Restart: Required

Vendor

Cisco

Additional Info

advisory id: cisco-sa-react-flight-TYw32Ddb
