'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole


A maximum-severity flaw in the widely used JavaScript library React and several React-based frameworks, including Next.js, allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.

The React team disclosed the unauthenticated remote code execution (RCE) vulnerability in React Server Components on Wednesday. It's tracked as CVE-2025-55182 and received a maximum 10.0 CVSS severity rating.

This is a big deal because much of the internet is built on React – one estimate suggests 39 percent of cloud environments are vulnerable to this flaw. This issue therefore deserves a prominent place on your to-do list.

The bug affects versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of:

It also affects the default configuration of several React frameworks and bundlers including next, react-router, waku, @parcel/rsc ...


Copyright of this story solely belongs to theregister.co.uk.