LONDON (IT BOLTWISE) – A serious security flaw in the widely used JavaScript library React is currently threatening numerous cloud environments. The vulnerability allows attackers to execute malicious code without authentication, creating a significant security risk for many organizations.
A recently discovered vulnerability in the popular JavaScript library React, as well as several frameworks based on it, such as Next.js, poses a significant risk to cloud environments. This vulnerability, known as CVE-2025-55182, allows attackers to execute malicious code without authentication. Security researchers warn that mass exploitation of this vulnerability is imminent.
The React developers disclosed the vulnerability in React Server Components on Wednesday. Its maximum CVSS severity rating of 10.0 underlines the urgency of the situation. Since much of the Internet is based on React, it is estimated that around 39 percent of cloud environments are affected by this vulnerability. This makes fixing the vulnerability immediately a priority for all affected companies.
Affected versions are React versions 19.0, 19.1.0, 19.1.1, and 19.2.0, as well as the default configurations of several React frameworks and bundlers, including Next.js, react-router, and others. The project's maintainers recommend an immediate upgrade to versions 19.0.1, 19.1.2 and 19.2.1 to fix the vulnerability.
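The following check is an added example, not code from the React project or from this article: it walks an npm lockfile and flags every installed copy of React, including nested copies, that matches the affected versions listed above. It assumes the package name is `react` as the article words it, that "19.0" means release 19.0.0, and that each affected release is fixed by the patch in the same minor line; the sample lockfile is constructed.

```javascript
// Affected -> fixed versions, taken from the versions listed in the article.
// Assumptions: "19.0" means the published release 19.0.0, and each affected
// release is paired with the fixed release in the same minor line.
const FIXED_BY_AFFECTED = {
  "19.0.0": "19.0.1",
  "19.1.0": "19.1.2",
  "19.1.1": "19.1.2",
  "19.2.0": "19.2.1",
};

// Assumption: the npm package to check is "react", following the article's wording.
const PACKAGE_NAME = "react";

// Walk an npm lockfile (lockfileVersion 2/3 "packages" map) and return every
// installed copy of the package that is on the affected list, including
// copies nested under other dependencies' node_modules directories.
function findAffected(lockfile) {
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    // Keys look like "node_modules/react" or "node_modules/a/node_modules/react".
    const name = path.split("node_modules/").pop();
    if (name !== PACKAGE_NAME || !entry.version) continue;
    // Drop build metadata; prerelease tags stay, so "19.1.0-rc.1" != "19.1.0".
    const version = entry.version.split("+")[0];
    const fixed = FIXED_BY_AFFECTED[version];
    if (fixed) findings.push({ path, version, upgradeTo: fixed });
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react": { version: "19.2.1" },
    "node_modules/react-dom": { version: "19.2.0" },
    "node_modules/legacy-widget/node_modules/react": { version: "19.1.1" },
    "node_modules/admin-ui/node_modules/react": { version: "18.3.1" },
  },
};

for (const f of findAffected(SAMPLE_LOCKFILE)) {
  console.log(`${f.path}: react ${f.version} is affected, upgrade to ${f.upgradeTo}`);
}
```

The nested copy under `legacy-widget` is the case a top-level `package.json` review misses: the application's own dependency is already patched, but a transitive dependency still pins an affected release.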
Vercel, the lead developer of Next.js, also assigned its own CVE (CVE-2025-66478) for the vulnerability and released an alert and patch on Wednesday. While not many details are known about the vulnerability, it is clear that it exploits a gap in the way React decodes payloads to Server Function Endpoints.
The vulnerability was discovered by researcher Lachlan Davidson and reported to Meta, which created the open source project React. Meta worked quickly with the React team to deploy an emergency patch within four days. Given the widespread use of React by companies like Facebook, Instagram, Netflix, and many others, the importance of this vulnerability should not be underestimated.
The threat of this vulnerability is compounded by the fact that it is highly likely to be successfully exploited, as testing by a soon-to-be Google company has shown. Due to its high severity and easy exploitability, an immediate update is required to ensure the security of affected systems.


Please send any additions and information to the editorial team by email to de-info[at]it-boltwise.de. Since we cannot rule out AI hallucinations, which rarely occur with AI-generated news and content, we ask you to contact us via email and inform us in the event of false statements or misinformation. Please don’t forget to include the article headline in the email: “React vulnerability threatens cloud environments worldwide”.


