Home
/
CVE-2025-55182
CVSS v3
10.0
NVD published
2025-12-03 16:15:56
CISA date
2025-12-05
EPSS
84.5% probability · 99.3th percentile — 2026-04-24
Affected versions
cpe:2.3:a:facebook:react:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:react:19.1.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:react:19.1.1:*:*:*:*:*:*:*
cpe:2.3:a:facebook:react:19.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary77:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary78:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary79:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary80:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary81:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary82:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary83:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary84:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary85:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary86:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:14.3.0:canary87:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:-:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary0:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary1:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary10:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary11:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary12:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary13:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary14:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary15:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary16:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary17:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary18:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary19:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary2:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary20:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary21:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary22:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary23:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary24:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary25:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary26:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary27:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary28:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary29:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary3:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary30:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary31:*:*:*:node.js:*:*
cpe:2.3:a:vercel:next.js:15.6.0:canary32:*:*:*:node.js:*:*
Summary
Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.
Remediation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploit info
No exploit-tagged NVD references in our cache; see the CISA KEV link below.
View on NVD
·
CISA KEV catalog
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.
Subscribe — free email digest or paid plan
Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.