Security Advisory

CVE-2025-55182

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-03 15:40:56

Last updated 2026-02-26 16:57:36

Assigner Meta

State PUBLISHED

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

← Browse all CVEs View on cve.org ↗