React Server CVE-2025-55182

[DrWizzle]

Don't know if this has been mentioned, but for you guys who may have customers using react server components, this also affects next.js. Apparently this is a biggy and Hetzner are informing every one of their customers that are running npm on their servers. I'm not using it for any projects at present but for those of you that are, it's advised to update immediately.

Critical Security Vulnerability in React Server Components – React

The library for web and native user interfaces

react.dev

 

[zEitEr]

Extra attention is required even if the application runs in a docker container on a server with docker running under "root" permissions.

 

[DrWizzle]

Yes, i've seen reports of guys getting slammed with DDOS notices as attacks have come from their server without them knowing. Seems this vulnerability is linked.