React Multiple Vulnerabilities

Release Date: 12 Dec 2025

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in React. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure

---

System / Technologies affected

For affected versions of React:

• The vulnerability is present in versions 19.0.0, 19.0.1, 19.0.2, 19.1.0, 19.1.1, 19.1.2, 19.1.2, 19.2.0, 19.2.1 and 19.2.2 of:

  • react-server-dom-webpack
  • react-server-dom-parcel
  • react-server-dom-turbopack
• Affected frameworks and bundlers: Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: next, react-router, waku, @parcel/rsc, @vitejs/plugin-rsc, and rwsdk.

For detail, please refer to the links below:

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

---

Vulnerability Identifier

• CVE-2025-55183
• CVE-2025-55184
• CVE-2025-67779

---

Source

• React

---

Related Link

• https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components