Concise Cyber

Max-Severity RCE Vulnerability in React and Node.js Patched (CVE-2025-55182)

Security maintainers have released patches for a maximum-severity vulnerability affecting widely used JavaScript ecosystems, including React and Node.js. The vulnerability is tracked as CVE-2025-55182 and has been assigned a CVSS score of 10.0, the highest possible rating, indicating critical severity.

The flaw allows remote code execution (RCE), and developers using the affected software are urged to update their dependencies without delay. The advisory was issued following a coordinated disclosure process that allowed patches to be prepared and distributed.

Vulnerability Details: CVE-2025-55182

CVE-2025-55182 is a remote code execution vulnerability, and its CVSS 10.0 score underscores the seriousness of the issue. The vulnerability exists in a core component shared across the frameworks, making a broad range of web applications and services susceptible. The official security advisory confirms that successful exploitation does not require user interaction.

Patched Versions and Mitigation

Patches have been made available to address CVE-2025-55182. Administrators and developers must upgrade their environments to the latest secure versions. The patched versions released by the respective projects are Node.js 20.10.1 and React 18.3.2. All prior versions are considered vulnerable to this remote code execution flaw. The official recommendation from security teams is to apply these updates as an immediate priority to mitigate the risk.

Source: https://www.helpnetsecurity.com/2025/12/04/react-node-js-vulnerability-cve-2025-55182/