We're informing you about two additional vulnerabilities (CVE-2025-55184 and CVE-2025-55183) identified in the React Server Components (RSC) implementation, affecting frameworks such as Next.js.
The React2Shell incident sparked community research into React Server Components, and these vulnerabilities were discovered by an external security researcher through Vercel and Meta's bug bounty program. We're grateful for this community effort.
There is no evidence these vulnerabilities have been exploited.
What we've found:
CVE-2025-55184 (High Severity – Denial of Service): A malicious HTTP request sent to any App Router endpoint can, when deserialized, cause the server process to hang and consume CPU. This impacts all versions handling RSC requests. The initial fix was incomplete and did not fully prevent denial-of-service attacks for all payload types, resulting in CVE-2025-67779.
CVE-2025-55183 (Medium Severity – Source Code Exposure): A malicious HTTP request sent to any App Router endpoint can return the compiled source code of Server Actions. This could reveal business logic, but would not expose secrets unless they were hardcoded directly into a Server Action's code.
Update your applications to the latest patched version
Even customers who have patched against React2Shell need to upgrade to the latest version. Updates to React2Shell will continue to be posted in the React2Shell Security Bulletin.
Visit the latest Security Bulletin to learn more and for guidance on automated fixes.
We will continue to monitor for emerging risks and remain committed to transparent, timely disclosures.
Make quick edits right in your PDF π
Keep your projects moving with Acrobat Pro.
Save 40% on Acrobat.
Fix it. Fast.
Edit directly in your PDF with Acrobat Pro. Whether you need to fix a typo, add text, or swap an image, you can do it all on any device, anywhere.
Get started
Special Pricing for India
Get Adobe Acrobat for less than ₹950/mo. Annual, billed monthly.
Get started
Adobe services, like Ad...
Strike the right chord with a PDF π΅
Make your work sing anywhere and on any device with Acrobat Pro.
Save 40% on Acrobat. Annual, billed monthly. Terms apply.
Work like a rolling stone.
Set up shop anywhere without missing a beat. Tap into PDF and e-sign features that get the job done on desktop, mobile, or web.
Get started
Work in harmony anywhere.
Keep your finger on the pulse even on the go. Share PDFs and get back to comments using your phone or tablet.
Remix your work.
Edit a line of text, add new imagery throughout, and refine your project right in the PDF.
Get this show on the web.
Access your tools o...
Pitch perfect PDFs π―
Turn your project into a PDF that’s ready to share — all in Acrobat Pro.
Save 40% on Acrobat.
Show them your best.
Convert your deck into a PDF presentation. Lock in every detail so it shares exactly how you imagined.
Get started
Special Pricing for India
Get Adobe Acrobat for less than ₹950/mo. Annual plan, billed monthly.
Get started
Adobe services, like Adobe Document Cloud,...
Comments
Post a Comment