THREATOPS
THREAT OPSCVEs › CVE-2025-55182

CVE-2025-55182 — Meta React Server Components Remote Code Execution Vulnerability

CISA KEVExploited: confirmedMeta

Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025- 55182.

Vulnerability details

Exploiting threat actors

Related reporting