Concise Cyber

React Server Components Under Threat: Critical Vulnerability Exploited (CVE-2025-55182, CVE-2025-66478)

A critical vulnerability affecting React Server Components, identified as CVE-2025-55182, and another in Next.js, CVE-2025-66478, are actively being exploited. Palo Alto Networks Unit 42 detected initial exploitation attempts as early as December 10, 2025. These vulnerabilities can lead to arbitrary code execution, posing significant risks to affected applications and their users.

Understanding the React Server Component Vulnerability

The exploitation campaign targets a supply chain compromise impacting a popular open-source library used by applications built with React and Next.js. Attackers are leveraging these weaknesses to gain unauthorized access and execute malicious code within vulnerable systems. The nature of these vulnerabilities allows for remote code execution, providing a pathway for severe cyberattacks.

Impact and Mitigation for React and Next.js Users

The successful exploitation of CVE-2025-55182 and CVE-2025-66478 can result in data exfiltration, unauthorized system access, and potentially full system compromise. Organizations utilizing React Server Components and Next.js are strongly advised to apply patches released by React and Next.js developers immediately. Timely application of these security updates is crucial to protect against the ongoing exploitation attempts and safeguard sensitive data and infrastructure.

Source: https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/