VDB

GCVE-VVD-NCSC-2025-380

GCVE-VVD-NCSC-2025-380
Advisory PublishedCVSS 10.0/10
Vulnetix · Advisory published December 3, 2025
React Server Components versions 19.0.0 to 19.2.0 contain a critical unauthenticated remote code execution vulnerability due to unsafe deserialization of HTTP request payloads, necessitating immediate upgrades to fixed versions.
Download JSON Open in Console

Weaknesses (CWE)

CWE-502Deserialization of Untrusted Data

Risk Scores

CVSS 3.1
10.0/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Metavers:unknown/*
Meta Open Sourcevers:unknown/*

Aliases

CVE-2025-66478CVE-2025-55182

Transitive aliases

BDU:2025-15156EUVD-2025-200983EUVD-2025-200984CNVD-2025-29923H1-3463045WID-SEC-W-2025-2738GHSA-fv66-9v8q-g76rVVD-CISA-2025-55182VVD-BUGCROWD-2025-547a2f57-37a4-446a-af5d-11e4b24204e2GHSA-9qr9-h5gf-34mpCGA-jm9h-35rg-mffjNCSC-2025-0380CGA-3qrq-jr55-42fvVVD-BUGCROWD-2025-34c78a3a-88bd-4c56-8c1b-632bc0ea3742cisco-sa-react-flight-TYw32DdbVVD-ANCHORE-2025-55182H1-3458235VVD-CESS-2025-55182CERTFR-2025-ALE-014

References

advisory
exploit
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›