React Server Component Security Update Advisory (CVE-2025-55182)

Dec 05 2025

Overview

We have released a security update to address a vulnerability in React Server Component (RSC). Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-55182

React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack Version: 19.0.0
React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack Version: 19.1.0
React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack version: 19.1.1
React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack version: 19.2.0

Resolved Vulnerabilities

Remote code execution vulnerability in React Server Components (CVE-2025-55182)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-55182

React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack Version: 19.0.1
React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack version: 19.1.2
React-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack version: 19.2.1

References

[1] Critical Security Vulnerability in React Server Components
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

React Server Component Security Update Advisory (CVE-2025-55182)

Dell Product Security Update Advisory

MS Family December 2025 Security Update Advisory

Tags:

Dell Product Security Update Advisory

MS Family December 2025 Security Update Advisory