For interested folks, here’s the React PR that fixes CVE-2025-55182 affecting React Server Components (CVSS 10.0 Critical Severity): https://github.com/facebook/react/pull/35277
Relevant blog post: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components