React Server Components (RSC) Remote Code Execution Vulnerabilities

On December 3rd, 2025, React disclosed a critical remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. Shortly after, a related vulnerability was confirmed in Next.js App Router, registered as CVE-2025-66478. Both issues were assigned a CVSS score of 10.0, indicating the highest severity level. CISA has acknowledged the vulnerability’s active …

Next.js Middleware Authorization Bypass Vulnerability (CVE-2025-29927)

Next.js, a React framework, is vulnerable to a critical-severity flaw tracked as CVE-2025-29927. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to bypass authorization checks within a Next.js application.