Security Alert (A25-12-13): Multiple Vulnerabilities in React


 

Published on: 12 December 2025

Description:

React released a security advisory to address the recent threat activity affecting React Server Components. The detailed information can be found at:
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

 

Affected Systems:

  • React Server Components (react-server-dom-webpack, react-server-dom-parcel and react-server-dom-turbopack) version 19.0.0, 19.0.1, 19.0.2, 19.1.0, 19.1.1, 19.1.2, 19.2.0, 19.2.1 and 19.2.2

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to denial of service or information disclosure on an affected system.

 

Recommendation:

Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
  • https://www.hkcert.org/security-bulletin/react-multiple-vulnerabilities_20251212
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55183 (to CVE-2025-55184)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67779


Tag: React
Tags