CVE-2025-55182

Confirmed PUBLISHED

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including...

Meta · react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel

1 day faster than CISA KEV

Exploited in the wild Active exploitation observed Used in malware PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
946
Unique Attacker IPs
114
CISA KEV
In CISA KEV
CVSS / EPSS
10.0 Critical EPSS 99.6%

At a Glance

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

cisa nuclei_scanner malware
CVE Published
Dec 03, 2025
Exploitation Reported
Jun 01, 2026
CVSS
10.0 Critical
EPSS
99.6%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Meta
react-server-dom-webpack

19.0.0 to <= 19.0.0

Affected
Meta
react-server-dom-webpack

19.1.0 to <= 19.1.1

Affected
Meta
react-server-dom-webpack

19.2.0 to <= 19.2.0

Affected
Meta
react-server-dom-turbopack

19.0.0 to <= 19.0.0

Affected
Meta
react-server-dom-turbopack

19.1.0 to <= 19.1.1

Affected
Meta
react-server-dom-turbopack

19.2.0 to <= 19.2.0

Affected
Meta
react-server-dom-parcel

19.0.0 to <= 19.0.0

Affected
Meta
react-server-dom-parcel

19.1.0 to <= 19.1.1

Affected
Meta
react-server-dom-parcel

19.2.0 to <= 19.2.0

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.