Skip to content
Contact us

Critical React Vulnerability: Immediate Action Required to Mitigate Remote Code Execution Risk

Picture of The 1898 & Co. Team

A critical security vulnerability has been identified in React, a widely used JavaScript library for building web applications. This flaw, labeled CVE-2025-55182, affects React Server Components (RSC) and allows unauthenticated remote code execution on servers. The vulnerability has been rated with a maximum severity score of 10 out of 10, indicating its potential to cause significant harm. It is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. Administrators are urged to upgrade to the fixed versions 19.0.1, 19.1.2, and 19.2.1 immediately.

The vulnerability stems from a flaw in how React decodes payloads sent to React Server Function endpoints, which can be exploited by attackers to execute arbitrary code on the server. This issue affects not only applications directly using these endpoints but also those supporting React Server Components indirectly through frameworks like Next.js and others. Researchers estimate that 39% of cloud environments contain vulnerable instances of React and Next.js, with a significant portion of these environments publicly exposed.

The potential impact of this vulnerability is severe, as it allows attackers to craft malicious HTTP requests that can compromise server execution logic and run privileged JavaScript code. The attack vector is unauthenticated and remote, requiring only a specially crafted request to exploit the flaw. Given the widespread use of React and its frameworks, millions of websites could be at risk if not promptly updated.

Threats and Vulnerabilities

The primary threat posed by this vulnerability is the ability for attackers to execute arbitrary code on affected servers without authentication. This is achieved through a flaw in the deserialization process of payloads sent to React Server Function endpoints. The vulnerability affects several popular React packages and frameworks, including Next.js, which is used in a significant percentage of cloud environments.

The impact of this vulnerability is substantial, as it allows for full remote code execution with high fidelity and a near 100% success rate in exploitation attempts. The attack vector is straightforward, involving the sending of a specially crafted HTTP request to a vulnerable server endpoint. This makes it particularly dangerous for publicly exposed applications running on affected frameworks.

Client Impact

Clients using affected versions of React or its associated frameworks may experience severe operational disruptions if this vulnerability is exploited. Potential impacts include unauthorized access to sensitive data, financial losses due to service downtime or data breaches, and significant damage to organizational reputation. The ease of exploitation and the widespread use of affected frameworks increase the likelihood of successful attacks.

From a compliance perspective, organizations may face regulatory challenges if data breaches occur as a result of this vulnerability. This could lead to audits or penalties under data protection regulations such as GDPR or CCPA. It is crucial for clients to assess their exposure and take immediate action to mitigate the risk.

Mitigations

To mitigate the risks associated with this critical vulnerability, clients should take the following actions:

  1. Upgrade all affected React packages to the fixed versions: react-server-dom-parcel 19.0.1, react-server-dom-turbopack 19.1.2, and react-server-dom-webpack 19.2.1.
  2. Ensure that all RSC-enabled frameworks, such as Next.js, are updated to their latest patched versions.
  3. Implement additional security measures such as Web Application Firewalls (WAFs) to detect and block malicious HTTP requests targeting vulnerable endpoints.
  4. Conduct a thorough review of server configurations and disable any unnecessary server function endpoints.
  5. Monitor network traffic for unusual activity that may indicate attempted exploitation of this vulnerability.

Taking these steps will significantly reduce the risk of exploitation and help protect against potential attacks. Clients are encouraged to remain vigilant and continue monitoring for updates from React and related framework maintainers.

1898 & Co. Response

1898 & Co. is actively addressing the current threat landscape by offering specialized services to help clients mitigate this critical React vulnerability. Our team is providing guidance on upgrading affected packages and implementing additional security measures to protect against potential exploitation.

We are updating our security protocols to incorporate the latest threat intelligence and collaborating with industry allies to share insights and best practices for mitigating this vulnerability. Our ongoing research efforts focus on identifying emerging threats and developing effective countermeasures.

Clients can benefit from our expertise through tailored security assessments and incident response services designed to address vulnerabilities in their specific environments. We are committed to supporting our clients in navigating these challenges and enhancing their overall security posture.

Sources

  1. React / Next.js Security Advisory: Critical Vulnerability in Server Components
  2. CVE Details for CVE-2025-55182 Details