Summary

Vulnerability Name: Remote Command Execution in React/Next.js (CVE-2025-55182/CVE-2025-66478)
Released on: December 04, 2025
Affected Component: React
Affected Versions:
  React 19.0.0
  React 19.1.0
  React 19.1.1
  React 19.2.0
  Next.js 15.x
  Next.js 16.x
  Next.js 14.3.0-canary.77 or a later canary release
Vulnerability Type: Deserialization
Exploitation Conditions:
  1. User authentication: not required.
  2. Precondition: default configurations.
  3. Trigger mode: remote.
Impact: Exploitation difficulty: easy. Attackers can exploit this vulnerability to execute arbitrary commands without authorization. Severity: critical. This vulnerability may lead to remote code execution.
Official Solution: Available

About the Vulnerability

Component Introduction

React is an open source framework for mobile application development. It allows developers to use JavaScript and React syntax to build native mobile applications.

Vulnerability Description

On December 04, 2025, Sangfor FarSight Labs received notification of the deserialization vulnerability in React/Next.js (CVE-2025-55182/CVE-2025-66478), classified as critical in threat level.

Specifically, React Server Components contain a remote command execution vulnerability. This poses risks to React 19 and its associated frameworks, where Next.js has reported a derivative vulnerability (CVE-2025-66478).

This vulnerability stems from a flaw in the processing logic for untrusted inputs. Applications built on affected versions of React Server Components can be exploited by attackers to execute arbitrary commands. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of the following three core software packages: react-server-dom-parcel, react-server-dom-webpack, and react-server-dom-turbopack.

As these packages are embedded in, or depended upon by, various mainstream frameworks and bundling tools, the impact scope of this vulnerability expands further. For example, the affected versions of Next.js include 14.x (later than 14.3.0-canary.77), 15.0.x (lower than 15.0.5), 15.1.x (lower than 15.1.9), 15.2.x (lower than 15.2.6), 15.3.x (lower than 15.3.6), 15.4.x (lower than 15.4.8), 15.5.x (lower than 15.5.7), and 16.0.x (lower than 16.0.7). In addition, Vite, Parcel, React Router, RedwoodSDK, Waku, and other frameworks and plug-ins that build on React Server Components are also affected.

Affected Versions

The following React versions are affected:

React 19.0.0

React 19.1.0

React 19.1.1

React 19.2.0

Next.js 15.x

Next.js 16.x

Next.js 14.3.0-canary.77 or a later canary release

Vulnerability Reproduction

Sangfor FarSight Labs has reproduced this vulnerability, as shown in the following figure.

[Figure: Vulnerability Reproduction]

Solutions

Remediation Solutions

Official Solution

React has officially released the latest versions to fix the vulnerability. Affected users are advised to update React to any one of the following versions:

React 19.0.1

React 19.1.2

React 19.2.1

Update command: npm install react@latest react-dom@latest

Next.js has officially released the latest versions to fix the vulnerability. Affected users are advised to update Next.js to any one of the following versions:

15.0.5

15.1.9

15.2.6

15.3.6

15.4.8

15.5.7

16.0.7

Update command: npm install next@<version number>
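As an added check (example code written for this post, not Sangfor's or the React project's own), the following Node.js script applies the affected ranges above to an npm package-lock.json: it flags react-server-dom-* builds below 19.0.1/19.1.2/19.2.1 and Next.js builds below the fixed patch level of each listed line, treating 14.3.0-canary.77 and later canaries as affected as the summary states. The lockfile shape and sample entries are constructed, and release lines the advisory does not list are assumed to be patched.

```javascript
// Affected ranges as listed in this advisory: fixed patch level for each release line.
const RSC_PACKAGES = ["react-server-dom-webpack", "react-server-dom-parcel", "react-server-dom-turbopack"];
const RSC_FIXED_PATCH = { "19.0": 1, "19.1": 2, "19.2": 1 }; // 19.0.1, 19.1.2, 19.2.1
const NEXT_FIXED_PATCH = { "15.0": 5, "15.1": 9, "15.2": 6, "15.3": 6, "15.4": 8, "15.5": 7, "16.0": 7 };

// Minimal version parser: major.minor.patch plus an optional "-canary.N" tag.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-canary\.(\d+))?/.exec(version);
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], canary: m[4] === undefined ? null : +m[4] };
}

// True when the package/version pair falls inside an affected range on this page.
function isAffected(name, version) {
  const v = parseVersion(version);
  if (!v) return false;
  const line = `${v.major}.${v.minor}`;
  if (RSC_PACKAGES.includes(name)) {
    return line in RSC_FIXED_PATCH && v.patch < RSC_FIXED_PATCH[line];
  }
  if (name === "next") {
    // 14.x: only 14.3.0-canary.77 and later canaries; unlisted lines are assumed patched.
    if (v.major === 14) return v.minor === 3 && v.patch === 0 && v.canary !== null && v.canary >= 77;
    return line in NEXT_FIXED_PATCH && v.patch < NEXT_FIXED_PATCH[line];
  }
  return false;
}

// Walks an npm lockfile v2/v3 "packages" map (nested installs included); returns "name@version (path)".
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !meta.version) continue;     // "" is the root project itself
    const name = path.split("node_modules/").pop(); // last segment, keeps "@scope/pkg"
    if (isAffected(name, meta.version)) findings.push(`${name}@${meta.version} (${path})`);
  }
  return findings;
}

// Constructed sample lockfile (not from a real project): two affected entries, two safe ones.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/next": { version: "15.5.6" },
    "node_modules/react-server-dom-webpack": { version: "19.2.0" },
    "node_modules/react-server-dom-turbopack": { version: "19.2.1" },
    "node_modules/next-auth/node_modules/next": { version: "15.5.7" },
  },
};
console.log(auditLockfile(SAMPLE_LOCK));
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`.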

Temporary Solutions

  1. Disable unused functional modules to reduce attack entry points.
  2. Follow the principle of least privilege to strictly control the scope of permissions for sensitive operations.
  3. Do not expose services to the Internet unless necessary, to limit the access sources to trusted ranges.
  4. Regularly update the system and components to secure versions so that known vulnerabilities can be patched at the earliest opportunity.

Sangfor Solutions

Proactive Vulnerability Detection

The following Sangfor services can proactively detect CVE-2025-55182 and CVE-2025-66478 vulnerabilities and quickly identify vulnerability risks in batches in business scenarios:

  • Athena Extended Detection and Response (XDR): The corresponding detection solution will be released on December 06, 2025. The rule ID is SF-2025-01574.

Vulnerability Monitoring

The following Sangfor services support CVE-2025-55182 and CVE-2025-66478 vulnerability monitoring, and can quickly identify affected assets and the impact scope in business scenarios in real time through traffic collection:

  • Athena Network Detection and Response (NDR): The corresponding monitoring solution will be released on December 04, 2025. The rule ID is 11220100.
  • Athena Managed Detection and Response (MDR): The corresponding monitoring solution will be released on December 04, 2025. The rule ID is 11220100. In this case, make sure that Athena MDR is integrated with Athena NDR.
  • Athena XDR: The corresponding monitoring solution will be released on December 04, 2025. The rule ID is 11220100.
  • Sangfor Traffic Monitoring GPT: Sangfor Traffic Monitoring GPT can detect attacks and threats targeting these vulnerabilities based on its understanding of attacks and code, without the need to configure rules.

Vulnerability Prevention

The following Sangfor services can effectively block CVE-2025-55182 and CVE-2025-66478 exploits:

  • Athena Next-Generation Firewall (NGFW): The corresponding prevention solution will be released on December 04, 2025. The rule ID is 11220100.
  • Sangfor Web Application Firewall (WAF): The corresponding prevention solution will be released on December 04, 2025. The rule ID is 11220100.
  • Athena MDR: The corresponding prevention solution will be released on December 04, 2025. The rule ID is 11220100. In this case, make sure that Athena MDR is integrated with Athena NGFW.
  • Athena XDR: The corresponding prevention solution will be released on December 04, 2025. The rule ID is 11220100. In this case, make sure that Athena XDR is integrated with Athena NGFW.

Timeline

On December 04, 2025, Sangfor FarSight Labs received notification of the remote command execution vulnerability in React/Next.js (CVE-2025-55182/CVE-2025-66478).

On December 04, 2025, Sangfor FarSight Labs released a vulnerability alert.

Reference

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.
