CVE-2025-55184 PoC — Meta React Server Components 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-55184.yaml

Associated Vulnerability

Title:Meta React Server Components 安全漏洞 (CVE-2025-55184)
Description:Meta React Server Components是美国Meta公司的一系列组件。 Meta React Server Components 19.0.0版本、19.0.1版本、19.1.0版本、19.1.1版本、19.1.2版本、19.2.0版本和19.2.1版本存在安全漏洞，该漏洞源于不安全反序列化HTTP请求负载，可能导致无限循环和拒绝服务。

Description

React Server Components 19.0.0 to 19.2.1 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain an insecure deserialization vulnerability caused by unsafe payload deserialization in Server Function endpoints, letting unauthenticated attackers cause denial of service by hanging the server process.

File Snapshot


 id: CVE-2025-55184

info:
  name: React Server Components - Denial of Service
  author: DhiyaneshDk


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!