A critical security vulnerability (CVE-2025-55182) has recently been disclosed in React 19 and related frameworks, including Next.js.
What could be the impact?
This vulnerability could allow an unauthenticated attacker to execute code on affected servers, posing a serious risk to system integrity and data security. It has already been actively exploited worldwide, with incidents reported by companies such as Cloudflare.
Current status
We have reviewed our products and confirmed that none are affected by this vulnerability.