home.social

#cve202566478 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cve202566478, aggregated by home.social.

  1. ⠠⠵ avuko @[email protected] ·

    A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.

    The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.

    The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages -

    • react-server-dom-webpack
    • react-server-dom-parcel
    • react-server-dom-turbopack

    It's worth noting that the vulnerability also affects Next.js using App Router. The issue has been assigned the CVE identifier CVE-2025-66478 (CVSS score: 10.0). It impacts versions >=14.3.0-canary.77, >=15, and >=16. Patched versions are 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9, and 15.0.5.

    thehackernews.com/2025/12/crit

    #REACTjs #NEXTjs #infosec #cybersecurity #CVE202566478 #CVE202555182 #ShitIsOnFireYo

    #reactjs #nextjs #infosec #cybersecurity #cve202566478 #cve202555182