Thirty-nine percent of cloud environments were noted by Wiz to have instances of the JavaScript library React and React-based frameworks, such as Next.js, that are vulnerable to the maximum severity unauthenticated remote code execution flaw, tracked as CVE-2025-55182, which could be subjected to widespread exploitation soon, reports The Register.Immediate remediation of the security weakness has been urged by both the React team and Next.js lead maintainer Vercel, which tracks the issue as CVE-2025-66478, as it could be easily harnessed in cyberattacks. Illicit HTTP requests made to Server Function endpoints could allow RCE on the server upon deserialization by React, said Vercel in an alert."CVE-2025-55182 represents a major risk to users of one of the world's most widely used web application frameworks. Exploitation requires few prerequisites [and] there should be no doubt that in-the-wild exploitation is imminent as soon as attackers begin analyzing now-public patches," said watchTowr founder and CEO Benjamin Harris.
Vulnerability Management, Patch/Configuration Management
Maximum severity React vulnerability threatens extensive compromise

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


