CVE-2025-55183: CVE-2025-55183

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-55183

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Meta React Server Components 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Meta React Server Components是美国Meta公司的一系列组件。 Meta React Server Components 19.0.0版本、19.0.1版本、19.1.0版本、19.1.1版本、19.1.2版本、19.2.0版本和19.2.1版本存在安全漏洞，该漏洞源于特制HTTP请求可能不安全返回服务器功能源代码，可能导致信息泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Meta	react-server-dom-webpack	19.0.0 ~ 19.0.1	-
Meta	react-server-dom-turbopack	19.0.0 ~ 19.0.1	-
Meta	react-server-dom-parcel	19.0.0 ~ 19.0.1	-

II. Public POCs for CVE-2025-55183

#	POC Description	Source Link	Shenlong Link
1	A CVE-2025-55183 secret miner	https://github.com/Saturate/CVE-2025-55183	POC Details
2	PoC for CVE-2025-55183	https://github.com/kimtruth/CVE-2025-55183-poc	POC Details
3	Batch upgrade all your Next.js apps to patched versions - fight back against CVE-2025-55183/55184/67779	https://github.com/williavs/nextjs-security-update	POC Details
4	CVE-2025-55183 POC	https://github.com/X-Cotang/CVE-2025-55183_POC	POC Details
5	CVE-2025-55183 Scanner	https://github.com/omaidnebari/RSC-Scanner-POC	POC Details
6	Security research lab for CVE-2025-55183 and CVE-2025-55184 in React Server Components	https://github.com/StealthMoud/react-server-cve-lab	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-55183

Please Login to view more intelligence information

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-componentsx_refsource_CONFIRM
https://www.facebook.com/security/advisories/cve-2025-55183x_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2025-55183

IV. Related Vulnerabilities

Same product: react-server-dom-webpack

Same vendor: Meta

V. Comments for CVE-2025-55183

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-55183

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-55183

III. Intelligence Information for CVE-2025-55183

IV. Related Vulnerabilities

V. Comments for CVE-2025-55183

Leave a comment