On December 3rd, 2025, React disclosed a critical remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE‑2025‑55182. Shortly after, a related vulnerability was confirmed in Next.js App Router, registered as CVE‑2025‑66478. Both issues were assigned a CVSS score of 10.0, indicating the highest severity level. CISA has acknowledged the vulnerability’s active … Continue reading “React Server Components (RSC) Remote Code Execution Vulnerabilities”