CVE-2025-55183 (GCVE-0-2025-55183)
Vulnerability from cvelistv5
Published
2025-12-11 20:04
Modified
2025-12-11 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- (CWE-502) Deserialization of Untrusted Data. (CWE-497) Exposure of Sensitive System Information to an Unauthorized Actor
Summary
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
References
| URL | Tags | ||
|---|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Meta | react-server-dom-webpack |
Version: 19.0.0 ≤ 19.0.1 Version: 19.1.0 ≤ 19.1.2 Version: 19.2.0 ≤ 19.2.1 |
||||||||||||
|
||||||||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "react-server-dom-webpack",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "react-server-dom-turbopack",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "react-server-dom-parcel",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "(CWE-502) Deserialization of Untrusted Data. (CWE-497) Exposure of Sensitive System Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:09:32.286Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "Meta"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "Meta",
"cveId": "CVE-2025-55183",
"datePublished": "2025-12-11T20:04:48.655Z",
"dateReserved": "2025-08-08T18:21:47.119Z",
"dateUpdated": "2025-12-11T20:09:32.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55183\",\"sourceIdentifier\":\"cve-assign@fb.com\",\"published\":\"2025-12-11T20:16:00.460\",\"lastModified\":\"2025-12-12T18:18:19.950\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-assign@fb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.0.0\",\"versionEndExcluding\":\"19.0.2\",\"matchCriteriaId\":\"4B63E074-FEA2-495B-98C6-9D74E343A1C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.1.0\",\"versionEndExcluding\":\"19.1.3\",\"matchCriteriaId\":\"4C133EED-6729-453F-B832-3E5A7EC22E92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.2.0\",\"versionEndExcluding\":\"19.2.2\",\"matchCriteriaId\":\"DE6F153C-825C-41B6-BE6F-2552A26307E0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.7\",\"matchCriteriaId\":\"7F89ACED-432F-4789-A368-96D4E28DEE34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.11\",\"matchCriteriaId\":\"99287D38-84D1-470A-96EF-B1D851552139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.2.0\",\"versionEndExcluding\":\"15.2.8\",\"matchCriteriaId\":\"4E4E7989-19E3-44C5-B292-54C73FF3F356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.3.0\",\"versionEndExcluding\":\"15.3.8\",\"matchCriteriaId\":\"78D397D2-B678-4463-85AB-8887554166C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.4.0\",\"versionEndExcluding\":\"15.4.10\",\"matchCriteriaId\":\"137455D1-FCE0-4A58-A479-E7CA39EA969D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.5.0\",\"versionEndExcluding\":\"15.5.9\",\"matchCriteriaId\":\"7EFB67E0-24A1-4013-A654-C3EEAA2702DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.0.10\",\"matchCriteriaId\":\"009539CB-1F6D-446A-B581-1ABC70B10154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3ED7F693-8012-4F88-BC71-CF108E20664A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary0:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"40EE98AC-754A-4FD9-B51A-9E2674584FD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"13B41C54-AF21-4637-A852-F997635B4E83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"91B41697-2D70-488D-A5C3-CB9D435560CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7D43DB84-7BCF-429B-849A-7189EC1922D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"CEC2346B-8DBD-4D53-9866-CFBDD3AACEF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2BC95097-8CA6-42FE-98D7-F968E37C11B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary14:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4F8FA85C-1200-4FD2-B5D7-906300748BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary15:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5D0B177B-2A31-48E9-81C7-1024E2452486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary16:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7CCA01F3-3A14-4450-8A68-B1DA22C685B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary17:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1AB351AE-8C29-4E67-8699-0AAC6B3383E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary18:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"14A34D9D-5FA2-434B-836E-3CE63D716CCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary19:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E8440F05-F32B-4D40-90B7-04BF22107D86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FB6C6F6D-1EC0-4BD9-97A4-CFDE70DF0C43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary20:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6189BD4C-A3E2-451B-96B2-FF01250E946D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary21:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"389EE453-8B07-45DD-BE9C-277C9C5CB156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary22:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BA4D4638-4734-4B16-87AA-EF4B5D2DDD7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary23:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D54A2E63-6E0C-4E17-86A8-459B0A7EE00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary24:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E6136F0A-3010-4BAD-811B-D047CF5E6F64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary25:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"525EFA40-B14B-47E9-8FBD-45721A802DB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary26:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"69142944-1EC0-4F94-862E-FA7F2E101101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary27:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"30016C06-372D-4F98-84A8-0732CA054970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary28:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E1536E2B-84EC-46A3-9B6F-026364A9D927\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary29:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5E6F1F60-30E2-407C-8152-EEEB7EFE24CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3C907301-2C8F-465B-8134-94130E29F5DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary30:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E81C89FD-40CB-471E-9967-90ACDCF79373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary31:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"55E8AEEC-A686-49D6-B298-AEE4E838E769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary32:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"CB0618EC-6A0B-4AC3-BF6D-E51AC84C4E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary33:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7B27F133-8EB4-4761-A706-DF42D4EB55F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary34:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BF975472-B7E7-4AC8-B834-DA19897A4894\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary35:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"48A82613-F3FD-4E89-8E4A-F3F05A616171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary36:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"0D42CA1F-7C21-47C1-8A9C-1015286FCBE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary37:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7C83A4EF-B96F-40EC-BA1F-FE1370AF78AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary38:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C151FDAB-DE34-4A7E-9762-6E99386798BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary39:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"53025212-05F0-41FE-81F8-023B1784BB8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"68EAC2B9-32A5-4721-BB35-16D519CD1BBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary40:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7411EF71-CBEB-4127-935F-3C732A1E22AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary41:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"0C4B8930-1B65-4894-AFA8-C323AA7A8292\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary42:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B4977345-BD8C-41C7-9DD7-1E41D6CC6438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary43:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EFE030A4-5B14-4C2D-B953-E80C98FB26EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary44:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9F616FD4-83BF-4A9A-AFFD-0D3E2544DC7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary45:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"00512630-8B88-43B0-9ED3-2B33C64CC9A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary46:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A88EEF11-C7DA-4E2D-A030-FC177E696557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary47:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BE8453D9-7275-4A5F-8732-F05662FFF2E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary48:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E306B896-9BBB-424B-8D99-7A1A79AEFE9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary49:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"ACA87B86-33D5-4BEA-A13D-EEB4922D511E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"77AA0D23-B101-445C-A260-ED3152A93D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary50:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7D7DCCF7-FC83-4767-A0C2-C84A8B14F93B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary51:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FD397568-7F1F-4153-AF08-B22D4D3B45F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary52:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"984416EF-B121-40CE-B3AD-E22A06BB5844\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary53:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C4B58652-EE24-43CF-8ABE-4A01B2C9938C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary54:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8090CF73-AEA7-43FC-A960-321BED3B1682\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary55:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"823164E5-609D-4F24-86A5-E25618FE86A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary56:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E13CD688-63C3-4FFA-9D13-696005F0C155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary57:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B397B18C-8A7A-4766-9A68-98B26E190A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary58:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"15454C74-5F28-475D-830A-2AE603292301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary59:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A638BD4D-8CE5-421E-97C3-A56A4F057A50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2DB345E3-BAD0-497E-93AE-5E4DC669C192\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"840FEB19-2C66-4004-A488-B90219F8AC05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C260F966-73D7-43F3-A329-8C558A695821\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"28130A79-39B5-43E8-A690-C8E9C62483F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"09089CEC-B446-496E-940D-AD4FE4E440ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary0:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"22B740D5-0CF9-45D6-A12A-FE0567276481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"256B837F-159D-449B-A748-5E4136E17D21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7091E48E-8CD5-41DB-835F-6A3DC82CC10E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F074BCE2-16CA-4628-9325-4C1865F71B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EC66102A-F2C4-4069-A7D0-CA1E1961B048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D9AFF756-AD32-4B69-A3C2-CD77BEEDC30D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary14:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"550CC768-2BFF-41D2-B2A9-6332782FAE8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary15:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"65B15DCD-A2F3-445A-85FC-1B35F176FAA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary16:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6923D356-EF15-4747-877B-74F6B5CFC297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary17:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2B1A9FB9-9501-4F29-9535-D21387A668DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary18:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"DA2A5F90-BEC1-4588-BFD6-4D095EAB40A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"061F871B-F0F9-4166-8D97-3A9F6D234AD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2F375E07-2ACB-4FF1-86C7-D499EEA9BD20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4540A878-F057-4371-97C8-B286921E7F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F7A5ED68-0BB9-4699-B0F5-C425DC92F8A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"76CD81F2-69D3-47F0-988E-235A16870511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"74EE714B-8E4F-47A0-9C9C-C3A93810ABB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1C2E002A-D038-492A-8B83-F5EF658B56ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F369DF32-1EF0-4342-BFEF-CFC0F485D8B6\"}]}]}],\"references\":[{\"url\":\"https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.facebook.com/security/advisories/cve-2025-55183\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…