THREAT OPS › Threat News › 2025-041: Critical Security Vulnerability in React Server Components
2025-041: Critical Security Vulnerability in React Server Components
On December 3, 2025, the React Team publicly disclosed a critical security vulnerability affecting React Server Components (RSC) and related packages. The vulnerability allows for unauthenticated remote code execution (RCE) via maliciously crafted HTTP requests.<br /> It is recommended to update all affected component packages and any frameworks that integrate them.<br />
Original source: https://cert.europa.eu/publications/security-advisories/2025-041/