New! Try the FREE Predictive Security Plugin for WordPress – Scan, Secure & Stay Safe in Seconds!

Current CyberSecurity Advisories

Critical vulnerability in React Server Components (CVE-2025-55182)

Release date

04 December 2025

Alert rating

Critical

Description

ASD’s ACSC is aware of a critical vulnerability in React Server Components.

Audience

Small & medium businessesOrganisations & Critical InfrastructureGovernment

Current update

This alert is relevant to all Australian businesses and organisations.

This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services.

Background

ASD’s ACSC is aware of a critical vulnerability in React Server Components, which is used extensively in modern web applications.

CVE-2025-55182 enables an attacker to achieve unauthenticated Remote Code Execution (RCE) in vulnerable versions of the following packages:

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

Mitigation advice

Australian organisations should review their networks for vulnerable instances of these packages and upgrade to fixed versions as outlined here: React security blog.

Where to get help

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).

Source

https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/critical-vulnerability-in-react-server-components-cve-2025-55182

Protect your assets with Predictive

🤖 Hello, how can I assist you today?
I can help you with:
✅ Answer questions related to the website.
✅ Help you understand things you don't know.

❓ What's Tisalabs

💻 What's IoT

🔒 Why sensor data must be protected?