CVE-2025-55182
- Source
- https://cve.org/CVERecord?id=CVE-2025-55182
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55182.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-55182
- Aliases
- Published
- 2025-12-03T16:15:56.463Z
- Modified
- 2026-03-14T08:46:59.801835Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55182
- https://www.facebook.com/security/advisories/cve-2025-55182
- https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
- https://news.ycombinator.com/item?id=46136026
- https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
- http://www.openwall.com/lists/oss-security/2025/12/03/4
Affected packages
Git / github.com/facebook/react
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/react
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "19.0.0" }, { "introduced": "0" }, { "last_affected": "19.1.0" }, { "introduced": "0" }, { "last_affected": "19.1.1" }, { "introduced": "0" }, { "last_affected": "19.2.0" }, { "introduced": "0" }, { "last_affected": "15.6.0-NA" }, { "introduced": "0" }, { "last_affected": "16.0.0-NA" } ] }
- Type
- GIT
- Repo
- https://github.com/vercel/next.js
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "15.0.0" }, { "fixed": "15.0.5" }, { "introduced": "15.1.0" }, { "fixed": "15.1.9" }, { "introduced": "15.2.0" }, { "fixed": "15.2.6" }, { "introduced": "15.3.0" }, { "fixed": "15.3.6" }, { "introduced": "15.4.0" }, { "fixed": "15.4.8" }, { "introduced": "15.5.0" }, { "fixed": "15.5.7" }, { "introduced": "16.0.0" }, { "fixed": "16.0.7" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary77" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary78" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary79" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary80" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary81" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary82" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary83" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary84" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary85" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary86" }, { "introduced": "0" }, { "last_affected": "14.3.0-canary87" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary0" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary1" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary10" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary11" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary12" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary13" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary14" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary15" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary16" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary17" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary18" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary19" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary2" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary20" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary21" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary22" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary23" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary24" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary25" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary26" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary27" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary28" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary29" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary3" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary30" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary31" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary32" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary33" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary34" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary35" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary36" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary37" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary38" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary39" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary4" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary40" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary41" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary42" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary43" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary44" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary45" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary46" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary47" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary48" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary49" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary5" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary50" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary51" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary52" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary53" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary54" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary55" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary56" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary57" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary6" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary7" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary8" }, { "introduced": "0" }, { "last_affected": "15.6.0-canary9" } ] }
Affected versions
1.*
1.2.5
16.*
16.0.0-beta.1
16.0.0-beta.3
16.0.0-beta.4
16.0.0-beta.5
16.1.0
16.1.0-beta
16.1.0-beta.1
16.1.0-rc
eslint-plugin-react-hooks@5.*
eslint-plugin-react-hooks@5.0.0
Other
status
v0.*
v0.0.0-88ada9819
v0.0.0-d7382b6c4
v0.0.0-experimental-27659559e
v0.0.0-experimental-8b155d261
v0.0.0-experimental-aae83a4b9
v0.0.0-experimental-d7382b6c4
v0.10.0-rc1
v0.11.0-rc1
v0.12.0-rc1
v0.13.0-rc1
v0.13.0-rc2
v0.14.0-beta1
v0.14.0-beta2
v0.14.0-beta3
v0.14.0-rc1
v0.4.0
v0.9.0-rc1
v15.*
v15.0.0-rc.1
v15.0.0-rc.2
v16.*
v16.0.0
v16.0.0-alpha.3
v16.0.0-alpha.4
v16.0.0-rc.1
v16.1.0
v16.1.1
v16.10.0
v16.11.0
v16.12.0
v16.13.0
v16.2.0
v16.3.0
v16.3.0-alpha.0
v16.3.0-alpha.1
v16.3.0-alpha.2
v16.3.0-alpha.3
v16.3.0-rc.0
v16.3.1
v16.3.2
v16.4.0
v16.4.1
v16.5.0
v16.5.2
v16.6.0
v16.6.0-alpha.0
v16.6.0-alpha.8af6728
v16.6.1
v16.7.0
v16.8.0
v16.8.2
v16.9.0
v16.9.0-alpha.0
v16.9.0-rc.0
v18.*
v18.0.0
v18.1.0
v18.2.0
v19.*
v19.0.0