React Server Component Security Update Advisory

Dec 15 2025

Overview

We have released a security update to address a vulnerability in React Server Component (RSC). Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-55184, CVE-2025-67779

react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack Versions: 19.0.0, 19.0.1, 19.0.2
react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack versions: 19.1.0, 19.1.1, 19.1.2, 19.1.3
react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack Version: 19.2.0, 19.2.1, 19.2.2

Resolved Vulnerabilities

Denial of service vulnerability in React Server Components (CVE-2025-55184, CVE-2025-67779)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-55184, CVE-2025-67779

react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack Version: 19.0.3
react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack version: 19.1.4
react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack version: 19.2.3

References

[1] Denial of Service and Source Code Exposure in React Server Components
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-compon..

React Server Component Security Update Advisory

D-Link Product Security Update Advisory (CVE-2025-13607)

Mozilla Product Security Update Advisory

Tags:

D-Link Product Security Update Advisory (CVE-2025-13607)

Mozilla Product Security Update Advisory