CVE advisoryKnown Exploit
CVE-2025-55182
React Server Components Remote Code Execution Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical vulnerability in React Server Components and Next.js allows unauthenticated remote code execution by unsafely deserializing HTTP request payloads. This impacts organizations using affected versions, creating a risk of unauthorized system control and data compromise.