<p>For interested folks, here’s the React PR that fixes CVE-2025-55182 affecting React Server Components (CVSS 10.0 Critical Severity): <a href="https://github.com/facebook/react/pull/35277" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">github.com/facebook/react/pull</span><span class="invisible">/35277</span></a></p><p>Blog post: <a href="https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">react.dev/blog/2025/12/03/crit</span><span class="invisible">ical-security-vulnerability-in-react-server-components</span></a></p><p>> Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.</p>
- Post #817
- Next December 3, 2025 at 5:35:00 PM UTC
- Previous December 3, 2025 at 4:46:10 PM UTC
- Wed, 03 Dec 2025 17:27:08 GMT — Zach Leatherman
- Original on Fediverse