New React RSC Vulnerabilities Enable DoS and Source Code Exposure

The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.

The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in the wild .

The three vulnerabilities are listed below -

CVE-2025-55184 (CVSS score: 7.5) - A pre-authentication denial of service vulnerability arising from unsafe deserialization of payloads from HTTP requests to Server Function endpoints, triggering an infinite loop that hangs the server process and may prevent future HTTP requests from being served

CVE-2025-67779 (CVSS score: 7.5) - A

See Full Page

Interests (0)

Settings

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

Disney invests $1 billion in OpenAI, licenses Mickey Mouse to Sora AI platform

AI kids’ toys give explicit and dangerous responses in tests

Netflix announces deal to buy Warner Bros. and HBO

Top editors irked as Jeff Bezos' Washington Post churns out 'error

Passwordless Login Explained: How Modern Authentication Technology Is Changing Security

Essential Cloud Security Tips: How Everyone Can Protect Cloud Data Safely

Inside House Of Dior Beijing At Sanlitun

Arsenal transfers: Mikel Arteta rules out Gabriel Jesus exit

Trump signs executive order seeking to block state laws on AI

Kim Kardashian Says Her Kids Co-Sleep With Her NIghtly

Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

Dad Who Died Saving Son Had Heart Attack and Drowned, Wife Says

Gorilla Dancing in a Forest Wins Comedy Wildlife Photo Awards 2025

Trump launches gold card program for expedited visas with a $1 million price tag

How Social Security beneficiaries' tax bills may change this year

Judge orders immediate release of Kilmar Abrego Garcia from immigration detention

US seizes tanker off coast of Venezuela, Trump says

Trump admin moves to end major student loan forgiveness plan: 'We won't tolerate it'

USPS Announces Holiday Delivery Dates

Here are the five big takeaways from Wednesday's Fed rate decision

The Senate voted down dueling health proposals. Here's what's at stake for Americans