CVE-2025-55182

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-55182

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55182.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-55182

Aliases

GHSA-fv66-9v8q-g76r

Published

2025-12-03T16:15:56.463Z

Modified

2026-02-05T06:20:43.651082Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

References

Affected packages

Git / github.com/vercel/next.js

Affected ranges

Type: GIT
Repo: https://github.com/vercel/next.js
Events: Introduced

b0416fbb44d1d148b6322ed79b6448d588260e49

Fixed

25ba2c26f42dc33a72c7ff39710fcad9b19d9658

Introduced

b2ff04995be722a5c93225e16e1c7fcc8bb53f91

Fixed

2f026aae46027d9575494fb3aecbd0d75fd674f0

Introduced

51bfe3c1863b191f4b039bc230e8ed5c57b0baf3

Fixed

3d663f2141a05adb975de4e9dae4c49780791881

Introduced

7e08c8223d64bc2add7a0e5a323cbce0a84bb292

Fixed

3eaf68b09b2b6b8c0c8e080a9713e131a78dc529

Introduced

7ad467409b67691ae4f5dc4dc47f1a247c4ba988

Fixed

49668475daba15ef8cea1d8e469dc0f9a765b635

Introduced

950609f96f694c5475d18cd2d72a0052ca04d4b9

Fixed

7492122a3bbc6655b64ccba04076c73ab418cdcc

Introduced

dafcd43fac3ef9d0ffd94f9c94fd61db4449df25

Fixed

aeb69d97f8aad106f4760ff04f6d3aaa33597635

Affected versions

v15.*

v15.0.0

v15.0.1

v15.0.1-canary.0

v15.0.1-canary.1

v15.0.1-canary.2

v15.0.1-canary.3

v15.0.2

v15.0.2-canary.0

v15.0.2-canary.1

v15.0.2-canary.10

v15.0.2-canary.11

v15.0.2-canary.2

v15.0.2-canary.3

v15.0.2-canary.4

v15.0.2-canary.5

v15.0.2-canary.6

v15.0.2-canary.7

v15.0.2-canary.8

v15.0.2-canary.9

v15.0.3

v15.0.3-canary.0

v15.0.3-canary.1

v15.0.3-canary.2

v15.0.3-canary.3

v15.0.3-canary.4

v15.0.3-canary.5

v15.0.3-canary.6

v15.0.3-canary.7

v15.0.3-canary.8

v15.0.3-canary.9

v15.0.4

v15.0.4-canary.0

v15.0.4-canary.1

v15.0.4-canary.10

v15.0.4-canary.11

v15.0.4-canary.12

v15.0.4-canary.13

v15.0.4-canary.14

v15.0.4-canary.15

v15.0.4-canary.16

v15.0.4-canary.17

v15.0.4-canary.18

v15.0.4-canary.19

v15.0.4-canary.2

v15.0.4-canary.20

v15.0.4-canary.21

v15.0.4-canary.22

v15.0.4-canary.23

v15.0.4-canary.24

v15.0.4-canary.25

v15.0.4-canary.26

v15.0.4-canary.27

v15.0.4-canary.28

v15.0.4-canary.29

v15.0.4-canary.3

v15.0.4-canary.30

v15.0.4-canary.31

v15.0.4-canary.32

v15.0.4-canary.33

v15.0.4-canary.34

v15.0.4-canary.35

v15.0.4-canary.36

v15.0.4-canary.37

v15.0.4-canary.38

v15.0.4-canary.39

v15.0.4-canary.4

v15.0.4-canary.40

v15.0.4-canary.41

v15.0.4-canary.42

v15.0.4-canary.43

v15.0.4-canary.44

v15.0.4-canary.45

v15.0.4-canary.46

v15.0.4-canary.47

v15.0.4-canary.48

v15.0.4-canary.49

v15.0.4-canary.5

v15.0.4-canary.50

v15.0.4-canary.51

v15.0.4-canary.52

v15.0.4-canary.6

v15.0.4-canary.7

v15.0.4-canary.8

v15.0.4-canary.9

v15.1.0

v15.1.1

v15.1.2

v15.1.3

v15.1.4

v15.1.5

v15.1.6

v15.1.7

v15.1.8

v15.2.0

v15.2.1

v15.2.1-canary.0

v15.2.1-canary.1

v15.2.1-canary.2

v15.2.1-canary.3

v15.2.1-canary.4

v15.2.1-canary.5

v15.2.1-canary.6

v15.2.2

v15.2.2-canary.0

v15.2.2-canary.1

v15.2.2-canary.2

v15.2.2-canary.3

v15.2.2-canary.4

v15.2.2-canary.5

v15.2.2-canary.6

v15.2.2-canary.7

v15.2.3

v15.2.4

v15.2.5

v15.3.0

v15.3.0-canary.0

v15.3.0-canary.1

v15.3.0-canary.10

v15.3.0-canary.11

v15.3.0-canary.12

v15.3.0-canary.13

v15.3.0-canary.14

v15.3.0-canary.15

v15.3.0-canary.16

v15.3.0-canary.17

v15.3.0-canary.18

v15.3.0-canary.19

v15.3.0-canary.2

v15.3.0-canary.20

v15.3.0-canary.21

v15.3.0-canary.22

v15.3.0-canary.23

v15.3.0-canary.24

v15.3.0-canary.25

v15.3.0-canary.26

v15.3.0-canary.27

v15.3.0-canary.28

v15.3.0-canary.29

v15.3.0-canary.3

v15.3.0-canary.30

v15.3.0-canary.31

v15.3.0-canary.32

v15.3.0-canary.33

v15.3.0-canary.34

v15.3.0-canary.35

v15.3.0-canary.36

v15.3.0-canary.37

v15.3.0-canary.38

v15.3.0-canary.39

v15.3.0-canary.4

v15.3.0-canary.40

v15.3.0-canary.41

v15.3.0-canary.42

v15.3.0-canary.43

v15.3.0-canary.44

v15.3.0-canary.45

v15.3.0-canary.46

v15.3.0-canary.5

v15.3.0-canary.6

v15.3.0-canary.7

v15.3.0-canary.8

v15.3.0-canary.9

v15.3.1

v15.3.1-canary.0

v15.3.1-canary.1

v15.3.1-canary.10

v15.3.1-canary.11

v15.3.1-canary.12

v15.3.1-canary.13

v15.3.1-canary.14

v15.3.1-canary.15

v15.3.1-canary.2

v15.3.1-canary.3

v15.3.1-canary.4

v15.3.1-canary.5

v15.3.1-canary.6

v15.3.1-canary.7

v15.3.1-canary.8

v15.3.1-canary.9

v15.3.2

v15.3.3

v15.3.4

v15.3.5

v15.4.0

v15.4.0-canary.0

v15.4.0-canary.1

v15.4.0-canary.10

v15.4.0-canary.100

v15.4.0-canary.101

v15.4.0-canary.102

v15.4.0-canary.103

v15.4.0-canary.104

v15.4.0-canary.105

v15.4.0-canary.107

v15.4.0-canary.108

v15.4.0-canary.109

v15.4.0-canary.11

v15.4.0-canary.110

v15.4.0-canary.111

v15.4.0-canary.112

v15.4.0-canary.113

v15.4.0-canary.114

v15.4.0-canary.115

v15.4.0-canary.116

v15.4.0-canary.117

v15.4.0-canary.118

v15.4.0-canary.119

v15.4.0-canary.12

v15.4.0-canary.120

v15.4.0-canary.121

v15.4.0-canary.122

v15.4.0-canary.123

v15.4.0-canary.124

v15.4.0-canary.125

v15.4.0-canary.126

v15.4.0-canary.127

v15.4.0-canary.128

v15.4.0-canary.129

v15.4.0-canary.13

v15.4.0-canary.130

v15.4.0-canary.14

v15.4.0-canary.15

v15.4.0-canary.16

v15.4.0-canary.17

v15.4.0-canary.18

v15.4.0-canary.19

v15.4.0-canary.2

v15.4.0-canary.20

v15.4.0-canary.21

v15.4.0-canary.22

v15.4.0-canary.23

v15.4.0-canary.24

v15.4.0-canary.25

v15.4.0-canary.26

v15.4.0-canary.27

v15.4.0-canary.28

v15.4.0-canary.29

v15.4.0-canary.3

v15.4.0-canary.30

v15.4.0-canary.31

v15.4.0-canary.32

v15.4.0-canary.33

v15.4.0-canary.34

v15.4.0-canary.35

v15.4.0-canary.36

v15.4.0-canary.37

v15.4.0-canary.38

v15.4.0-canary.39

v15.4.0-canary.4

v15.4.0-canary.40

v15.4.0-canary.42

v15.4.0-canary.43

v15.4.0-canary.45

v15.4.0-canary.46

v15.4.0-canary.48

v15.4.0-canary.49

v15.4.0-canary.5

v15.4.0-canary.50

v15.4.0-canary.51

v15.4.0-canary.52

v15.4.0-canary.53

v15.4.0-canary.54

v15.4.0-canary.55

v15.4.0-canary.56

v15.4.0-canary.57

v15.4.0-canary.58

v15.4.0-canary.59

v15.4.0-canary.6

v15.4.0-canary.60

v15.4.0-canary.61

v15.4.0-canary.62

v15.4.0-canary.63

v15.4.0-canary.64

v15.4.0-canary.65

v15.4.0-canary.66

v15.4.0-canary.67

v15.4.0-canary.68

v15.4.0-canary.69

v15.4.0-canary.7

v15.4.0-canary.70

v15.4.0-canary.71

v15.4.0-canary.72

v15.4.0-canary.73

v15.4.0-canary.74

v15.4.0-canary.75

v15.4.0-canary.76

v15.4.0-canary.77

v15.4.0-canary.78

v15.4.0-canary.79

v15.4.0-canary.8

v15.4.0-canary.80

v15.4.0-canary.81

v15.4.0-canary.82

v15.4.0-canary.83

v15.4.0-canary.84

v15.4.0-canary.85

v15.4.0-canary.86

v15.4.0-canary.87

v15.4.0-canary.88

v15.4.0-canary.89

v15.4.0-canary.9

v15.4.0-canary.90

v15.4.0-canary.91

v15.4.0-canary.92

v15.4.0-canary.93

v15.4.0-canary.94

v15.4.0-canary.95

v15.4.0-canary.96

v15.4.0-canary.97

v15.4.0-canary.98

v15.4.0-canary.99

v15.4.1

v15.4.2

v15.4.2-canary.0

v15.4.2-canary.1

v15.4.2-canary.10

v15.4.2-canary.11

v15.4.2-canary.12

v15.4.2-canary.13

v15.4.2-canary.14

v15.4.2-canary.15

v15.4.2-canary.16

v15.4.2-canary.17

v15.4.2-canary.18

v15.4.2-canary.19

v15.4.2-canary.2

v15.4.2-canary.20

v15.4.2-canary.21

v15.4.2-canary.22

v15.4.2-canary.23

v15.4.2-canary.24

v15.4.2-canary.25

v15.4.2-canary.26

v15.4.2-canary.27

v15.4.2-canary.28

v15.4.2-canary.29

v15.4.2-canary.3

v15.4.2-canary.30

v15.4.2-canary.31

v15.4.2-canary.32

v15.4.2-canary.33

v15.4.2-canary.34

v15.4.2-canary.35

v15.4.2-canary.36

v15.4.2-canary.37

v15.4.2-canary.38

v15.4.2-canary.39

v15.4.2-canary.4

v15.4.2-canary.40

v15.4.2-canary.41

v15.4.2-canary.42

v15.4.2-canary.43

v15.4.2-canary.44

v15.4.2-canary.45

v15.4.2-canary.46

v15.4.2-canary.47

v15.4.2-canary.48

v15.4.2-canary.49

v15.4.2-canary.5

v15.4.2-canary.50

v15.4.2-canary.51

v15.4.2-canary.52

v15.4.2-canary.53

v15.4.2-canary.54

v15.4.2-canary.55

v15.4.2-canary.56

v15.4.2-canary.6

v15.4.2-canary.7

v15.4.2-canary.8

v15.4.2-canary.9

v15.4.3

v15.4.4

v15.4.5

v15.4.6

v15.4.7

v15.5.0

v15.5.1

v15.5.1-canary.0

v15.5.1-canary.1

v15.5.1-canary.10

v15.5.1-canary.11

v15.5.1-canary.12

v15.5.1-canary.13

v15.5.1-canary.14

v15.5.1-canary.15

v15.5.1-canary.16

v15.5.1-canary.17

v15.5.1-canary.18

v15.5.1-canary.19

v15.5.1-canary.2

v15.5.1-canary.20

v15.5.1-canary.21

v15.5.1-canary.22

v15.5.1-canary.23

v15.5.1-canary.24

v15.5.1-canary.25

v15.5.1-canary.26

v15.5.1-canary.27

v15.5.1-canary.28

v15.5.1-canary.29

v15.5.1-canary.3

v15.5.1-canary.30

v15.5.1-canary.31

v15.5.1-canary.32

v15.5.1-canary.33

v15.5.1-canary.34

v15.5.1-canary.35

v15.5.1-canary.36

v15.5.1-canary.37

v15.5.1-canary.38

v15.5.1-canary.39

v15.5.1-canary.4

v15.5.1-canary.5

v15.5.1-canary.6

v15.5.1-canary.7

v15.5.1-canary.8

v15.5.1-canary.9

v15.5.2

v15.5.3

v15.5.4

v15.5.5

v15.5.6

v15.6.0-canary.0

v15.6.0-canary.1

v15.6.0-canary.10

v15.6.0-canary.11

v15.6.0-canary.12

v15.6.0-canary.13

v15.6.0-canary.14

v15.6.0-canary.15

v15.6.0-canary.16

v15.6.0-canary.17

v15.6.0-canary.18

v15.6.0-canary.19

v15.6.0-canary.2

v15.6.0-canary.20

v15.6.0-canary.21

v15.6.0-canary.22

v15.6.0-canary.23

v15.6.0-canary.24

v15.6.0-canary.25

v15.6.0-canary.26

v15.6.0-canary.27

v15.6.0-canary.28

v15.6.0-canary.29

v15.6.0-canary.3

v15.6.0-canary.30

v15.6.0-canary.31

v15.6.0-canary.33

v15.6.0-canary.34

v15.6.0-canary.35

v15.6.0-canary.36

v15.6.0-canary.37

v15.6.0-canary.38

v15.6.0-canary.39

v15.6.0-canary.4

v15.6.0-canary.40

v15.6.0-canary.41

v15.6.0-canary.42

v15.6.0-canary.43

v15.6.0-canary.44

v15.6.0-canary.45

v15.6.0-canary.46

v15.6.0-canary.47

v15.6.0-canary.48

v15.6.0-canary.49

v15.6.0-canary.5

v15.6.0-canary.50

v15.6.0-canary.51

v15.6.0-canary.52

v15.6.0-canary.53

v15.6.0-canary.54

v15.6.0-canary.55

v15.6.0-canary.56

v15.6.0-canary.57

v15.6.0-canary.6

v15.6.0-canary.7

v15.6.0-canary.8

v15.6.0-canary.9

v16.*

v16.0.0

v16.0.0-canary.0

v16.0.0-canary.1

v16.0.0-canary.11

v16.0.0-canary.12

v16.0.0-canary.13

v16.0.0-canary.14

v16.0.0-canary.15

v16.0.0-canary.16

v16.0.0-canary.17

v16.0.0-canary.19

v16.0.0-canary.2

v16.0.0-canary.3

v16.0.0-canary.4

v16.0.0-canary.5

v16.0.0-canary.6

v16.0.0-canary.7

v16.0.0-canary.8

v16.0.0-canary.9

v16.0.1

v16.0.1-canary.0

v16.0.1-canary.1

v16.0.1-canary.2

v16.0.1-canary.3

v16.0.1-canary.4

v16.0.1-canary.5

v16.0.1-canary.6

v16.0.2

v16.0.3

v16.0.4

v16.0.5

v16.0.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55182.json"