GHSA-vr6p-vq2p-6j74
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vr6p-vq2p-6j74
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-vr6p-vq2p-6j74/GHSA-vr6p-vq2p-6j74.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vr6p-vq2p-6j74
- Withdrawn
- 2025-12-22T16:35:36Z
- Published
- 2025-12-15T22:00:17Z
- Modified
- 2025-12-22T16:44:05.239125Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
- Details
-
Withdrawn Advisory
This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency.
Original Description
LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182.
[2025-12-15] Edit: the last fixes published by React were not thorough, a new set of fix releases completes the mitigation; see https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-502" ], "github_reviewed_at": "2025-12-15T22:00:17Z", "severity": "CRITICAL", "github_reviewed": true }- References
-
- https://github.com/likec4/likec4/security/advisories/GHSA-vr6p-vq2p-6j74
- https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- https://github.com/github/advisory-database/pull/6561#issue-3745533679
- https://github.com/likec4/likec4
- https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
Affected packages
npm / likec4
Package
- Name
- likec4
- View open source insights on deps.dev
- Purl
- pkg:npm/likec4