CVE-2025-67779

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-67779
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67779.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67779
Aliases
Published
2025-12-12T00:15:46.797Z
Modified
2026-03-14T02:00:51.171970Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

References

Affected packages

Git / github.com/facebook/react

Affected ranges

Type
GIT
Repo
https://github.com/facebook/react
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
61c95d04a87164c0a2cae7b2e055729a38a39be6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cff62b6370b29cf657899cc8397eaade5eceb58c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b910fc15e38d4fa80003819ddb7a928a3c3dca5d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
911603b46e89ae0704561a2ad9a8cbd7f2bc12f1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1d3d791ca55f7b33364f9429372e62e01c90625a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.1.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.2.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-NA"
        }
    ]
}
Type
GIT
Repo
https://github.com/vercel/next.js
Events
Introduced
79031e608a1b871ab4f3f3228cc1a66d93bf470b
Fixed
7b940d9ce96faddb9f92ff40f5e35c34ace04eb2
Introduced
51bfe3c1863b191f4b039bc230e8ed5c57b0baf3
Fixed
fc9d731d04b677e07fd54f8a7cc4d2e7d0955731
Introduced
dafcd43fac3ef9d0ffd94f9c94fd61db4449df25
Fixed
1bedcab981dc21dbb0050f26a8dfd0eab2443ed5
Introduced
b0416fbb44d1d148b6322ed79b6448d588260e49
Fixed
fc3b7c50d41d7061bf9aea2530a634c56aa53017
Introduced
b2ff04995be722a5c93225e16e1c7fcc8bb53f91
Fixed
ecda06cd7ee9fe055f9c07b46772ecc18b8160c4
Introduced
7ad467409b67691ae4f5dc4dc47f1a247c4ba988
Fixed
43cb5460c809ab97b6547b7765542cf16adcfc3c
Introduced
7e08c8223d64bc2add7a0e5a323cbce0a84bb292
Fixed
c5de33e93ccccaf3bee60cf50603e2152f9886e1
Introduced
950609f96f694c5475d18cd2d72a0052ca04d4b9
Fixed
581dee67e280b96c0766172cbd5477102c03342b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c654bec6eb08382ed2ef47c90317039b6693f62a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4d82a4aa13ff4d5f9b0179dcaa185666df617756
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
03250cd04344ba2a527763d08b3976bf29dff226
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f27212108372c13acf795ceec1e169405c177815
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
12a6ee4b212bc49c9ec6f339e55ca2b5b18d663c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
74b226fe4afc7149901affc3c005476e9e592315
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
92f23dae971044dfb49f7bbbf29f02c64f6ce7b3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b99b353f52745ad03783b99fad8d2eb287f03fad
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9db775049edc7e0ee29c7551492c202e01829c8d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7fb8bfe685a117ca87332ab5366efcda8fdbcb82
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c072d53ce28cb680f7207e789b6b9951a21b0a8d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
630798355931c8b24d7067aac6ff9519f201a01d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ea034f6ff96e54ddab4b81796ae5ad7232e05ede
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d608590ced4f592c9939c841b9814c121bb6b20d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e9e5eca47b935abaffc1321bd8896a498dc3c636
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
de19200deb33869fc691b43e68aef76493d79fa1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
42cc1a85888311a7f0745fd68fb29e4767b1d9e3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
49b83495aab6cd7d9ad74126f93ec3917bedc4e5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
088a519039d319ab2a48d7963d717647d943190d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d9b384d1be37308484d96bc4816d435bd22ff55
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ee87a4bb223c4270e088d97a15a6a9ad3a2d1d1f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e8a1342e0ec2b576465ae33e1c7392c92703e7ec
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dbdf9ca95273198d56bef531eeb127fc38f8f8e0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
33016f3c55f4595f2601fe9d5ced8f7c675cf7fc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6bf58cc8cba154d5f8e0d14ceabab3f95bf7e51b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a9c4a8c8fb11a235d08328225532a0b8bf9c93de
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c298d7042f89ac8933e3848a39788217535cdef8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6d318d618fae8e1a04624abb83a107a1d4df5ab2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9f329f5a69447f328f1a635ab9bdb3d228426491
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d300ee9930d2e2d28f5c4dce1dc7e4fe5a62d78e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
43b8e3d6ad5acc569be6c1c12ee73dff04949c66
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7182f909aeed45c7d791bc6f49b3afcaec8cebfe
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bc2fa389b11263ecb6beccfd97a8b4fe2e3dad0f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2330e144ff88fe557b24a9320770ad808041d99f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
67ca1e9519ed3007372baef06a58432e8965d35e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6f2c64048f8cd4ba6d51beb3f3b2e00aceace2f7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
16bc1455dc928b18cea93a55b65c4b02a99da63c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5faac816559bbca7a984c9a56c89f9f880ffbfd4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d4eb8915334320a39a376b409fb2e359a630d57c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
665977f2c7b124ba2f1f132d6ba4e3793a2aea49
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7c0c2c6b86fe3bd44f205a2677f3622ba3fb8700
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8acd54a8c807671b016ad9e02f108739c6563a43
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a6c48f029d7292af04dcb525a85269f92a7f1e96
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1da862828f4a9fccac2a2499d27f32cab4fd3882
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
52a26cdb0ccb8c27d1c484aa22c46d2c9332890e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fc307c4f23b18a054cdc6dfb5453749a2947b1a0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f69066fb20b29e591b40ff20e41181391bda1477
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2cc84abc6254c4dec1c51ac7945300a03e9e51be
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ed2e69df89c206d68a4ce227cda5d71e49e83290
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
69e3e629b6ea5ec67b6dca0a47bd4e7ba6eb70d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
79e78381c62149e8bc49696e140085e156444e61
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8d475c5468b18cb3aad0de0a50632953d5243db1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e2713a423002420b3d12f6fa946205581d1151e3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
73a4d0829a8e6a53af5be9c52bcf466e4941344c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
460e0f6747d93770dae9896d96eea6b2f4e2bb3f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
32199eaab69e562cae2c31642d33d1367c37c778
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
323eebcee7f15d4c880654ed9cd3b46c49e80dc7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f7a88eb6c2f77c4e07c7dc23b9a7c822d3c0b03d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
844abcac192d702161531468996eadfd1a1c4f13
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
33759e0be7d31f8a5d59544267f7ec9b914f37e5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b044d438bec2cb6845e3f927251d3caa5d56fdf9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
39440fc8de5996114601a5d4967f441daefaa24c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
decd5d4a8a9bd5ef60880273cd1ef0533fe3a077
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4e48c30b8e2714ec5f568a8bab496efb03d5c1c5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
59beba7cf075f477d91c18deac1cabef474f70ef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
96ae01c8dcd3f71e2202ea4ee5b91f92a9dcacf0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5118c41567cde92c4db3077c3b656447c57603ef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7fed4e52bd02f732e38a252ed17a90a1518694d9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9be830659405e82e2d9a2e6a61ec196652a4fab1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6ad5dab813d40e673c3cbc3eabbe93f517178586
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7bfb0be6426686c65b06c7eb2f2e8b4b5cfd03ec
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
34d54b6e1044e62fc64a2a32a7800fb5f198d35c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1f6391ceee35ccaeedf05ce914dc2cc2da1ae9d8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2567ce3b65e58df906cabcf6123d24627c4a72e6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19aee3ffc1bd2c20d6d14e817ea94d950d22a005
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
faf1371e5771751a27a7cb77e226c1e42e0d46ef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
737ddf775b491fb123fde41cc21a6a2d7ad599b9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
169fa9f744474d4ba45631c4b93326d057fa265a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a8f7b5467485647def4c0f4479a0a83bc4a3673a
Database specific 
{
    "versions": [
        {
            "introduced": "13.3.0"
        },
        {
            "fixed": "14.2.35"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "fixed": "15.0.7"
        },
        {
            "introduced": "15.1.0"
        },
        {
            "fixed": "15.1.11"
        },
        {
            "introduced": "15.2.0"
        },
        {
            "fixed": "15.2.8"
        },
        {
            "introduced": "15.3.0"
        },
        {
            "fixed": "15.3.8"
        },
        {
            "introduced": "15.4.0"
        },
        {
            "fixed": "15.4.10"
        },
        {
            "introduced": "15.5.0"
        },
        {
            "fixed": "15.5.9"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.0.10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary21"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary22"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary23"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary24"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary26"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary27"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary28"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary29"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary30"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary31"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary32"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary33"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary34"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary35"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary36"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary37"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary38"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary39"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary40"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary41"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary42"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary43"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary44"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary45"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary46"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary47"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary48"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary49"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary50"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary51"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary52"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary53"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary54"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary55"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary56"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary57"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary58"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary59"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.6.0-canary9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.1.0-canary9"
        }
    ]
}

Affected versions

16.*
16.0.0-beta.1
16.0.0-beta.3
16.0.0-beta.4
16.0.0-beta.5
16.1.0
16.1.0-beta
16.1.0-beta.1
16.1.0-rc
v0.*
v0.10.0-rc1
v0.11.0-rc1
v0.12.0-rc1
v0.13.0-rc1
v0.13.0-rc2
v0.14.0-beta1
v0.14.0-beta2
v0.14.0-beta3
v0.14.0-rc1
v0.4.0
v0.9.0-rc1
v15.*
v15.0.0-rc.1
v15.0.0-rc.2
v16.*
v16.0.0
v16.0.0-alpha.3
v16.0.0-alpha.4
v16.0.0-rc.1
v16.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67779.json"