CVE-2025-55184_CVE-2025-55184

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Basic Information

ID CVE-2025-55184

Source Meta

Published Dec 11, 2025 at 20:05

Modified Dec 11, 2025 at 20:11

Affected Product

Vendor Meta

Product react-server-dom-webpack

Version 19.0.0

Affected Versions Meta react-server-dom-webpack 19.0.0
Meta react-server-dom-webpack 19.1.0
Meta react-server-dom-webpack 19.2.0
Meta react-server-dom-turbopack 19.0.0
Meta react-server-dom-turbopack 19.1.0
Meta react-server-dom-turbopack 19.2.0
Meta react-server-dom-parcel 19.0.0
Meta react-server-dom-parcel 19.1.0
Meta react-server-dom-parcel 19.2.0

References

{
    "lastseen": "",
    "description": "A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.",
    "published": "2025-12-11T20:05:01.328Z",
    "modified": "2025-12-11T20:11:26.262Z",
    "type": "cve",
    "title": "CVE-2025-55184",
    "source": "Meta",
    "references": "https://www.facebook.com/security/advisories/cve-2025-55184\nhttps://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components",
    "id": "CVE-2025-55184",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Meta react-server-dom-webpack 19.0.0\nMeta react-server-dom-webpack 19.1.0\nMeta react-server-dom-webpack 19.2.0\nMeta react-server-dom-turbopack 19.0.0\nMeta react-server-dom-turbopack 19.1.0\nMeta react-server-dom-turbopack 19.2.0\nMeta react-server-dom-parcel 19.0.0\nMeta react-server-dom-parcel 19.1.0\nMeta react-server-dom-parcel 19.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "react-server-dom-webpack",
    "version": "19.0.0",
    "vendor": "Meta",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply