CVE-2025-55184: additional act vulnerabilities (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779)

Published Dec 11, 2025
·
Updated

## Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) - [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) - [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme) These issues are present in the patches published last week. ## Patches Fixes were back ported to versions 19.0.2, 19.1.3, and 19.2.2. If you are using any of the above packages please upgrade to any of the fixed versions immediately. If your app’s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability. ## References See the [blog post](https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components) for more information and upgrade instructions.

Affected Software

105 affected componentsFixes available
npm/react>=19.0.0<=19.2.1
npm/react-server-dom-parcel
npm/react-server-dom-turbopack
npm/react-server-dom-webpack
npm/react-server-dom-webpack>=19.2.0<19.2.2
19.2.2
npm/react-server-dom-webpack>=19.1.0<19.1.3
19.1.3
npm/react-server-dom-turbopack>=19.2.0<19.2.2
19.2.2
npm/react-server-dom-turbopack>=19.1.0<19.1.3
19.1.3
npm/react-server-dom-parcel>=19.2.0<19.2.2
19.2.2
npm/react-server-dom-parcel>=19.1.0<19.1.3
19.1.3
npm/react-server-dom-webpack>=19.0.0<19.0.2
19.0.2
npm/react-server-dom-turbopack>=19.0.0<19.0.2
19.0.2
npm/react-server-dom-parcel>=19.0.0<19.0.2
19.0.2
Facebook React>=19.0.0<19.0.2
Facebook React>=19.1.0<19.1.3
Facebook React>=19.2.0<19.2.2
Vercel Next.js Node.js>=13.3.0<14.2.35
Vercel Next.js Node.js>=15.0.0<15.0.7
Vercel Next.js Node.js>=15.1.0<15.1.11
Vercel Next.js Node.js>=15.2.0<15.2.8
Vercel Next.js Node.js>=15.3.0<15.3.8
Vercel Next.js Node.js>=15.4.0<15.4.10
Vercel Next.js Node.js>=15.5.0<15.5.9
Vercel Next.js Node.js>=16.0.0<16.0.10
Vercel Next.js Node.js=15.6.0
Vercel Next.js Node.js=15.6.0-canary0
Vercel Next.js Node.js=15.6.0-canary1
Vercel Next.js Node.js=15.6.0-canary10
Vercel Next.js Node.js=15.6.0-canary11
Vercel Next.js Node.js=15.6.0-canary12
Vercel Next.js Node.js=15.6.0-canary13
Vercel Next.js Node.js=15.6.0-canary14
Vercel Next.js Node.js=15.6.0-canary15
Vercel Next.js Node.js=15.6.0-canary16
Vercel Next.js Node.js=15.6.0-canary17
Vercel Next.js Node.js=15.6.0-canary18
Vercel Next.js Node.js=15.6.0-canary19
Vercel Next.js Node.js=15.6.0-canary2
Vercel Next.js Node.js=15.6.0-canary20
Vercel Next.js Node.js=15.6.0-canary21
Vercel Next.js Node.js=15.6.0-canary22
Vercel Next.js Node.js=15.6.0-canary23
Vercel Next.js Node.js=15.6.0-canary24
Vercel Next.js Node.js=15.6.0-canary25
Vercel Next.js Node.js=15.6.0-canary26
Vercel Next.js Node.js=15.6.0-canary27
Vercel Next.js Node.js=15.6.0-canary28
Vercel Next.js Node.js=15.6.0-canary29
Vercel Next.js Node.js=15.6.0-canary3
Vercel Next.js Node.js=15.6.0-canary30
Vercel Next.js Node.js=15.6.0-canary31
Vercel Next.js Node.js=15.6.0-canary32
Vercel Next.js Node.js=15.6.0-canary33
Vercel Next.js Node.js=15.6.0-canary34
Vercel Next.js Node.js=15.6.0-canary35
Vercel Next.js Node.js=15.6.0-canary36
Vercel Next.js Node.js=15.6.0-canary37
Vercel Next.js Node.js=15.6.0-canary38
Vercel Next.js Node.js=15.6.0-canary39
Vercel Next.js Node.js=15.6.0-canary4
Vercel Next.js Node.js=15.6.0-canary40
Vercel Next.js Node.js=15.6.0-canary41
Vercel Next.js Node.js=15.6.0-canary42
Vercel Next.js Node.js=15.6.0-canary43
Vercel Next.js Node.js=15.6.0-canary44
Vercel Next.js Node.js=15.6.0-canary45
Vercel Next.js Node.js=15.6.0-canary46
Vercel Next.js Node.js=15.6.0-canary47
Vercel Next.js Node.js=15.6.0-canary48
Vercel Next.js Node.js=15.6.0-canary49
Vercel Next.js Node.js=15.6.0-canary5
Vercel Next.js Node.js=15.6.0-canary50
Vercel Next.js Node.js=15.6.0-canary51
Vercel Next.js Node.js=15.6.0-canary52
Vercel Next.js Node.js=15.6.0-canary53
Vercel Next.js Node.js=15.6.0-canary54
Vercel Next.js Node.js=15.6.0-canary55
Vercel Next.js Node.js=15.6.0-canary56
Vercel Next.js Node.js=15.6.0-canary57
Vercel Next.js Node.js=15.6.0-canary58
Vercel Next.js Node.js=15.6.0-canary59
Vercel Next.js Node.js=15.6.0-canary6
Vercel Next.js Node.js=15.6.0-canary7
Vercel Next.js Node.js=15.6.0-canary8
Vercel Next.js Node.js=15.6.0-canary9
Vercel Next.js Node.js=16.1.0
Vercel Next.js Node.js=16.1.0-canary0
Vercel Next.js Node.js=16.1.0-canary1
Vercel Next.js Node.js=16.1.0-canary10
Vercel Next.js Node.js=16.1.0-canary11
Vercel Next.js Node.js=16.1.0-canary12
Vercel Next.js Node.js=16.1.0-canary13
Vercel Next.js Node.js=16.1.0-canary14
Vercel Next.js Node.js=16.1.0-canary15
Vercel Next.js Node.js=16.1.0-canary16
Vercel Next.js Node.js=16.1.0-canary17
Vercel Next.js Node.js=16.1.0-canary18
Vercel Next.js Node.js=16.1.0-canary2
Vercel Next.js Node.js=16.1.0-canary3
Vercel Next.js Node.js=16.1.0-canary4
Vercel Next.js Node.js=16.1.0-canary5
Vercel Next.js Node.js=16.1.0-canary6
Vercel Next.js Node.js=16.1.0-canary7
Vercel Next.js Node.js=16.1.0-canary8
Vercel Next.js Node.js=16.1.0-canary9

Event History

Dec 11, 2025
CVE Published
via MITRE·08:05 PM
Data Sourced
via MITRE·08:05 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·08:16 PM
DescriptionSeverityWeaknessAffected Software
Advisory Published
via GitHub·10:36 PM
Data Sourced
via GitHub·10:36 PM
DescriptionSeverityWeaknessAffected Software
Dec 12, 2025
News Published
via The Register·06:23 PM
News Published
via The Register·06:27 PM
Dec 15, 2025
News Published
via The Register·05:53 PM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-55184?

CVE-2025-55184 is classified as a denial of service vulnerability that can disrupt application availability.

2

How do I fix CVE-2025-55184?

To fix CVE-2025-55184, upgrade to the latest version of React Server Components that is not affected by the vulnerability.

3

Which versions of React are affected by CVE-2025-55184?

CVE-2025-55184 affects React Server Components versions 19.0.0 to 19.2.1.

4

What components are impacted by CVE-2025-55184?

CVE-2025-55184 impacts the packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack.

5

What type of vulnerability is CVE-2025-55184?

CVE-2025-55184 is a pre-authentication denial of service vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203