react and next.js - CVE-2025-55182 - Score 10.0 - pre-authentication remote code execution

james

Hello Cloudron Forum

Spreading awareness of the React and Next.js CVE that was published two days ago.

Sources:

• https://nvd.nist.gov/vuln/detail/CVE-2025-55182
• https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
• https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r

TL;DR

If you are running custom React or Next.js applications, please update them as soon as possible.

CVE fixed in:

React:

• 19.0.1
• 19.1.2
• 19.2.1

Next.js:

• 15.0.5
• 15.1.9
• 15.2.6
• 15.3.6
• 15.4.8
• 15.5.7
• 16.0.7