The React team has recently addressed two critical vulnerabilities in React Server Components (RSC), which, if exploited, could lead to denial-of-service (DoS) attacks or the exposure of source code. The vulnerabilities were discovered by security researchers while testing the effectiveness of existing patches for another severe flaw (CVE-2025-55182) that has already been weaponized.
The specific vulnerabilities identified are:
- CVE-2025-55184 (CVSS score: 7.5): A pre-authentication DoS vulnerability due to unsafe deserialization of payloads from HTTP requests, which can cause an infinite loop that halts server processes, preventing further HTTP requests.
- CVE-2025-67779 (CVSS score: 7.5): This is an incomplete fix for CVE-2025-55184, resulting in similar impacts.
- CVE-2025-55183 (CVSS score: 5.3): This vulnerability involves information leakage, where specially crafted HTTP requests can reveal the source code of any affected Server Function.
Exploitation of CVE-2025-55183 requires that the exposed Server Function is capable of converting certain arguments into string format.
These vulnerabilities affect several versions of the react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack packages, specifically:
- For CVE-2025-55184 and CVE-2025-55183: versions 19.0.0, 19.0.1, 19.1.0 to 19.2.1.
- For CVE-2025-67779: versions 19.0.2, 19.1.3, and 19.2.2.
The researchers RyotaK and Shinsaku Nomura reported the DoS vulnerabilities, while Andrew MacPherson reported the information leak. Users are strongly recommended to update their systems to versions 19.0.3, 19.1.4, and 19.2.3 immediately, especially given the ongoing exploitation of CVE-2025-55182.
The React team underscored that the disclosure of a significant vulnerability prompts security researchers to explore adjacent code paths for potential exploit vectors, indicating a dynamic and responsive security environment.