Critical RCE in React Server Components and Next.js (CVE-2025-55182, CVE-2025-66478)

On December 3, 2025, the React team announced CVE-2025-55182 — a critical remote code execution flaw in React Server Components.

Its impact is worsened by how easy it is to exploit: a single malicious HTTP request is enough for an attacker to get full control of a vulnerable server.

Key points

Affected systems: Any application using React 19 Server Components or Next.js server actions is exposed, including fresh create-next-app projects with no code modifications.

Severity: Both vulnerabilities carry a CVSS score of 10.0. Public proof-of-concept exploits already demonstrate arbitrary command execution.

Exploit details: The issue stems from insecure deserialization within the React Flight protocol. Attacks were first detected on December 4, with broader exploitation anticipated.

Cloud provider actions: Cloudflare has introduced network-level request filtering to block known exploit payload patterns for customers using its WAF. Other cloud platforms may offer similar temporary defenses, but none should be considered a replacement for patching.

Invicti coverage: Invicti DAST scanners now include checks to detect and report endpoints vulnerable to this issue.

Immediate actions to take: Patch affected React and Next.js versions, rebuild deployments, assess application exposure, and inspect logs for unusual or suspicious server action requests.

Official React advisory and Next.js advisory list the latest patched versions.
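For the log-inspection step in the key points above, the following is an added example, not code from the advisory or from the React and Next.js projects. It triages access-log lines for server-action traffic that does not look like normal application use. It assumes, as Next.js behaviour the page does not spell out, that server actions arrive as POST requests carrying a Next-Action header with the action ID; it also assumes a one-JSON-object-per-line log with the fields shown, and KNOWN_ACTION_IDS is a constructed placeholder for the action IDs your own build exposes.

```javascript
// Added example (not from the advisory or the React/Next.js projects): triage
// access-log lines for unusual server-action traffic.
// Assumptions: Next.js sends server-action calls as POST requests carrying a
// "Next-Action" header with the action ID (Next.js behaviour, not stated on the
// page); the log is one JSON object per line with the fields used below; and
// KNOWN_ACTION_IDS is a constructed placeholder for the IDs your build exposes.

const KNOWN_ACTION_IDS = new Set(["a1b2c3d4e5f6", "0f9e8d7c6b5a"]); // constructed

// Constructed sample log: one benign client, one client hammering "/" with an
// action ID the build does not know and getting HTTP 500 back each time.
const SAMPLE_LOG = [
  '{"ts":"2025-12-04T10:00:01Z","ip":"203.0.113.10","method":"POST","path":"/cart","status":200,"headers":{"next-action":"a1b2c3d4e5f6","content-type":"text/plain;charset=UTF-8"}}',
  '{"ts":"2025-12-04T10:00:02Z","ip":"203.0.113.10","method":"GET","path":"/","status":200,"headers":{}}',
  '{"ts":"2025-12-04T10:01:00Z","ip":"198.51.100.7","method":"POST","path":"/","status":500,"headers":{"next-action":"deadbeefcafe","content-type":"text/plain;charset=UTF-8"}}',
  '{"ts":"2025-12-04T10:01:01Z","ip":"198.51.100.7","method":"POST","path":"/","status":500,"headers":{"next-action":"deadbeefcafe","content-type":"text/plain;charset=UTF-8"}}',
  '{"ts":"2025-12-04T10:01:02Z","ip":"198.51.100.7","method":"POST","path":"/","status":500,"headers":{"next-action":"deadbeefcafe","content-type":"text/plain;charset=UTF-8"}}',
  '{"ts":"2025-12-04T10:01:03Z","ip":"198.51.100.7","method":"POST","path":"/","status":500,"headers":{"next-action":"deadbeefcafe","content-type":"text/plain;charset=UTF-8"}}',
  '{"ts":"2025-12-04T10:02:00Z","ip":"198.51.100.7","method":"GET","path":"/","status":200,"headers":{"next-action":"a1b2c3d4e5f6"}}',
].join("\n");

// Case-insensitive header lookup (proxies differ in how they case header names).
function header(headers, name) {
  const want = name.toLowerCase();
  for (const [k, v] of Object.entries(headers || {})) if (k.toLowerCase() === want) return v;
  return undefined;
}

function parseLogLines(text) {
  return text.split("\n").filter(Boolean).map((line) => {
    const e = JSON.parse(line);
    return { ...e, t: Date.parse(e.ts), action: header(e.headers, "next-action") };
  });
}

// Flags: action IDs the build does not know, action headers on non-POST requests,
// server errors while handling an action, and bursts of action calls from one IP.
function analyzeServerActionLog(text, knownIds = KNOWN_ACTION_IDS, opts = {}) {
  const { burstThreshold = 3, windowMs = 10_000 } = opts;
  const alerts = [];
  const timesByIp = new Map();
  for (const e of parseLogLines(text)) {
    if (e.action === undefined) continue; // not a server-action request
    const base = { ip: e.ip, ts: e.ts, path: e.path, action: e.action };
    if (e.method !== "POST") alerts.push({ type: "action-on-non-post", ...base });
    if (!knownIds.has(e.action)) alerts.push({ type: "unknown-action-id", ...base });
    if (e.status >= 500) alerts.push({ type: "server-error-on-action", ...base });
    if (!timesByIp.has(e.ip)) timesByIp.set(e.ip, []);
    timesByIp.get(e.ip).push(e.t);
  }
  // Sliding window over each client's action calls; at most one burst alert per client.
  for (const [ip, times] of timesByIp) {
    times.sort((a, b) => a - b);
    let lo = 0;
    for (let hi = 0; hi < times.length; hi++) {
      while (times[hi] - times[lo] > windowMs) lo++;
      if (hi - lo + 1 >= burstThreshold) {
        alerts.push({ type: "action-burst", ip, count: hi - lo + 1, windowMs });
        break;
      }
    }
  }
  return alerts;
}

function summarize(alerts) {
  const counts = {};
  for (const a of alerts) counts[a.type] = (counts[a.type] || 0) + 1;
  return counts;
}

console.log(summarize(analyzeServerActionLog(SAMPLE_LOG)));
```

The rules are deliberately coarse: an unknown action ID or a Next-Action header on a GET is not proof of exploitation, but both are worth a closer look at the request body, and repeated 500s on action requests from one client during the exploitation window are the pattern to prioritise.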

Affected versions

Package    Affected versions                                                        Patched versions
React      19.0.0, 19.1.0, 19.1.1, 19.2.0                                           19.0.1, 19.1.2, 19.2.1
Next.js    14.3.0-canary and all 15.x and 16.x releases below the patched versions  15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7
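To turn the table above into a check that can run in CI, here is an added example (our own illustration, not code from the advisory or from the React and Next.js projects) that audits an npm package-lock.json against the listed versions. It assumes the lockfile v2/v3 layout, a "packages" map keyed by node_modules/<name> paths with a "version" field; pnpm and yarn lockfiles are not handled. Only the next package and the three react-server-dom-* packages are examined, and prereleases below a patched version are reported as vulnerable conservatively. The sample lockfile is constructed.

```javascript
// Added example (not from the advisory or the React/Next.js projects): audit an
// npm package-lock.json against the affected and patched versions in the table
// above. Assumptions: lockfile v2/v3 layout, i.e. a "packages" map keyed by
// "node_modules/<name>" paths with a "version" field; pnpm and yarn lockfiles
// are not handled. The sample lockfile below is constructed.

const RSC_PACKAGES = new Set(["react-server-dom-webpack", "react-server-dom-parcel", "react-server-dom-turbopack"]);
const RSC_AFFECTED = new Set(["19.0.0", "19.1.0", "19.1.1", "19.2.0"]);
// First fixed release per minor line, from the advisory table.
const RSC_PATCHED = { "19.0": "19.0.1", "19.1": "19.1.2", "19.2": "19.2.1" };
const NEXT_PATCHED = { "15.0": "15.0.5", "15.1": "15.1.9", "15.2": "15.2.6", "15.3": "15.3.6", "15.4": "15.4.8", "15.5": "15.5.7", "16.0": "16.0.7" };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  return m ? { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null } : null;
}

function cmpTriple(a, b) {
  return (a.major - b.major) || (a.minor - b.minor) || (a.patch - b.patch);
}

// Shared verdict logic: compare against the first patched release of the same minor line.
// Anything below it (including prereleases) is reported as vulnerable, conservatively.
function verdictAgainst(v, patchedByLine) {
  const patched = patchedByLine[`${v.major}.${v.minor}`];
  if (!patched) return "unknown minor line, check advisory";
  const c = cmpTriple(v, parseVersion(patched));
  if (c < 0) return "vulnerable";
  if (c === 0 && v.pre) return "prerelease of patched version, check advisory";
  return "patched";
}

function assessNext(version) {
  const v = parseVersion(version);
  if (!v) return "unparseable";
  if (v.major === 14 && v.minor === 3 && v.patch === 0 && v.pre && v.pre.startsWith("canary")) return "vulnerable";
  if (v.major !== 15 && v.major !== 16) return "not listed as affected";
  return verdictAgainst(v, NEXT_PATCHED);
}

function assessRsc(version) {
  if (RSC_AFFECTED.has(version)) return "vulnerable";
  const v = parseVersion(version);
  if (!v) return "unparseable";
  if (v.major !== 19) return "not listed as affected";
  return verdictAgainst(v, RSC_PATCHED);
}

function auditLockfile(lockJson) {
  const lock = typeof lockJson === "string" ? JSON.parse(lockJson) : lockJson;
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i < 0 || !entry.version) continue; // root project entry or workspace link
    const name = path.slice(i + "node_modules/".length);
    if (name === "next") findings.push({ path, name, version: entry.version, verdict: assessNext(entry.version) });
    else if (RSC_PACKAGES.has(name)) findings.push({ path, name, version: entry.version, verdict: assessRsc(entry.version) });
  }
  return findings;
}

// Constructed sample: a Next.js 15.5 app behind the fix, plus a nested, already patched copy.
const SAMPLE_LOCK = JSON.stringify({
  name: "shop-frontend",
  lockfileVersion: 3,
  packages: {
    "": { name: "shop-frontend", dependencies: { next: "15.5.3", react: "19.2.0" } },
    "node_modules/next": { version: "15.5.3" },
    "node_modules/react": { version: "19.2.0" },
    "node_modules/react-server-dom-webpack": { version: "19.2.0" },
    "node_modules/some-tool/node_modules/next": { version: "16.0.7" },
  },
});

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.path}@${f.version}: ${f.verdict}`);
```

Note that a Next.js application normally ships its own bundled copy of the react-server-dom-* decoder inside the next package rather than as a separate node_modules entry, so for Next.js projects the next version is the finding that matters; the separate RSC package checks are for apps built on Vite, Parcel or other RSC setups that install those packages directly.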

Other potentially affected frameworks

  • Vite with RSC plugin
  • Parcel with RSC plugin
  • React Router (RSC preview versions)
  • RedwoodJS
  • Waku

More details about the problem

React 19 introduced React Server Components (RSC) and server actions. These capabilities depend on React's Flight protocol, a custom wire format that serializes component data and server function calls between the server and the client. In vulnerable versions, the server-side decoder trusts several Flight record types that an attacker can spoof, so a crafted payload is processed and executed by the server.

Next.js is affected because it implements its server actions directly on top of the same RSC runtime. Even apps that define no React Server Function endpoints may be vulnerable simply because they support RSC, and affected Next.js versions enable RSC by default as part of the standard project template.

The vulnerable code is the core framework code that handles RSC payloads. It runs whenever the application processes requests, whether or not anyone has written a server action.

This makes the threat severe: the flaw lies not in the application's own code but in the libraries it depends on, which is especially concerning given how widely React and Next.js are used across modern web applications.

The result is a broad and low-effort attack surface: any public route that invokes server action handling could become an RCE vector. Wiz Research estimates that as many as 39% of cloud environments may be running at least one vulnerable application.

“Considering how common Next.js is, this could be the biggest application vulnerability of 2025”

Bogdan Calin

Principal Security Researcher at Invicti

About insecure deserialization

The issue stems from three closely related packages that make up React’s server-side rendering stack:

  • react-server-dom-webpack
  • react-server-dom-parcel
  • react-server-dom-turbopack

These packages decode and handle Flight protocol payloads sent to Server Function endpoints. In the affected versions (React 19.0.0, 19.1.0, 19.1.1, and 19.2.0), they contain deserialization logic that fails to validate the structure and content of incoming payloads.

A Server Function call works like this:

  1. Client serializes function arguments into Flight protocol format
  2. Client sends a POST request to the Server Function endpoint
  3. Server receives and deserializes the payload
  4. Server invokes the function with the provided arguments
  5. Server serializes the result and sends it back

When the server deserializes the payload, it can be tricked into interpreting a maliciously crafted payload as executable instructions rather than as simple function arguments.

The core problem is that this insecure deserialization happens before any application code runs. Even flawless input validation inside the server function cannot prevent the issue, because the vulnerability is triggered earlier, at deserialization time.

Remediation steps for CVE-2025-55182 and CVE-2025-66478

Remediation for React 19 Server Components

An application is impacted if it uses React versions 19.0.0, 19.1.0, 19.1.1, or 19.2.0 for any of the following modules:

  • react-server-dom-webpack
  • react-server-dom-parcel
  • react-server-dom-turbopack

Actions to take:
  • Updating to the patched versions released by the React team. As of December 4, the fixed versions are 19.0.1, 19.1.2, and 19.2.1.
  • Rebuilding and redeploying all environments.
  • Ensuring that no custom framework or bundler pins older RSC dependencies.

Remediation for Next.js

A project is vulnerable if it uses an unpatched 15.x or 16.x release, or the 14.3.0-canary line.

Actions to take:
  • Upgrading to the latest patched Next.js release listed in the official advisory. As of December 4, the patched builds include 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, and 16.0.7.
  • Rebuilding production artifacts to remove vulnerable server action code paths.
  • Ensuring that the project does not pin an older React version that would block the RSC package updates.
  • Checking Vercel, container, and self-hosted images to confirm they pull the updated packages.

Invicti security checks for CVE-2025-55182 and CVE-2025-66478

As of December 5, Invicti’s DAST solutions incorporate tests for the React Server Components RCE flaws (CVE-2025-55182 and CVE-2025-66478).

Conclusion

This incident shows that even widely trusted and actively maintained frameworks can expose serious security flaws. With a maximum CVSS score of 10.0, trivial exploitation, and vulnerable default configurations, this vulnerability poses significant risk to any unpatched deployment.
