Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025

On December 3, 2025, the React team released a security advisory regarding a vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system.
For a description of this vulnerability, see the public React Security Advisory.
Cisco’s standard practice is to update integrated third-party software components to later versions as they become available.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-react-flight-TYw32Ddb

<br/>Security Impact Rating: Critical

<br/>CVE: CVE-2025-55182Cisco Security AdvisoryRead More