THREATOPS
THREAT OPSThreat News › 2025-041: Critical Security Vulnerability in React Server Components

2025-041: Critical Security Vulnerability in React Server Components

infocert_euPublished 2025-12-04

On December 3, 2025, the React Team publicly disclosed a critical security vulnerability affecting React Server Components (RSC) and related packages. The vulnerability allows for unauthenticated remote code execution (RCE) via maliciously crafted HTTP requests.<br /> It is recommended to update all affected component packages and any frameworks that integrate them.<br />

Original source: https://cert.europa.eu/publications/security-advisories/2025-041/