React Server Components Vulnerability Checker
Checks for CVE-2025-55182 (RCE), CVE-2025-55184 (DoS), and CVE-2025-55183 (Source Code Exposure)
⚠️ Temporary Tool
This is a temporary tool to help identify potentially vulnerable sites.
About These Vulnerabilities
CVE-2025-55182 (Critical - RCE)
Critical remote code execution vulnerability affecting React Server Components in React versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. CVSS Score: 10.0. Patched in 19.0.1, 19.1.2, and 19.2.1+.
CVE-2025-55184 (High - DoS)
High-severity Denial of Service vulnerability affecting React 19.0.0 through 19.2.1. Malicious HTTP requests can cause the server process to hang and consume CPU. Patched in React 19.2.2+ and Next.js patches.
CVE-2025-55183 (Medium - Source Code Exposure)
Medium-severity Source Code Exposure vulnerability affecting React 19.0.0 through 19.2.1. Malicious HTTP requests can return compiled source code of Server Actions, potentially revealing business logic. Patched in React 19.2.2+ and Next.js patches.
All vulnerabilities affect React Server Components and Next.js 13.x through 16.x (before patches). The vulnerabilities were detected and patched by the React team in December 2025.
Additional Resources
- React Security Advisory (CVE-2025-55182)
- Vercel Security Bulletin (CVE-2025-55184 & CVE-2025-55183)
- Update React Server Components to 19.2.2+ (or 19.0.1, 19.1.2, 19.2.1 for CVE-2025-55182 only)
- Update Next.js to patched versions: 14.2.34+, 15.0.6+, 15.1.10+, 15.2.7+, 15.3.7+, 15.4.9+, 15.5.8+, or 16.0.9+
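To check your own dependencies offline, the following added example (not this tool's code) maps a resolved React or Next.js version, as reported by your lockfile or `npm ls`, onto the affected and patched versions listed on this page. The function names and status strings are hypothetical, and reading each Next.js entry as the minimum patch for its own major.minor line is an assumption.

```javascript
// Added example: all version data is transcribed from this page only.
const RCE_AFFECTED = ["19.0.0", "19.1.0", "19.1.1", "19.2.0"]; // CVE-2025-55182
const DOS_LEAK_RANGE = ["19.0.0", "19.2.1"]; // CVE-2025-55184 / CVE-2025-55183, inclusive
// Minimum patched Next.js patch number per "major.minor" line (assumed reading of the list).
const NEXT_MIN_PATCH = { "14.2": 34, "15.0": 6, "15.1": 10, "15.2": 7,
                         "15.3": 7, "15.4": 9, "15.5": 8, "16.0": 9 };

// Accept an exact version such as "19.2.0" or "v19.2.0". Ranges ("^19.2.0") and
// prereleases ("19.3.0-canary") return null: they cannot be judged from this data.
function parseVersion(spec) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of [major, minor, patch] triples: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Which of the three CVEs apply to this React version, per this page.
function checkReact(version) {
  const v = parseVersion(version);
  if (!v) return { status: "unknown", cves: [] };
  const cves = [];
  if (RCE_AFFECTED.includes(v.join("."))) cves.push("CVE-2025-55182");
  const [lo, hi] = DOS_LEAK_RANGE.map(parseVersion);
  if (compare(v, lo) >= 0 && compare(v, hi) <= 0) {
    cves.push("CVE-2025-55184", "CVE-2025-55183");
  }
  return { status: cves.length ? "affected" : "not-listed", cves };
}

// "patched" / "needs-update" for release lines this page lists;
// "no-patch-listed" for 13.x-16.x lines without an entry here (check the vendor bulletin).
function checkNext(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  const min = NEXT_MIN_PATCH[`${v[0]}.${v[1]}`];
  if (min === undefined) return v[0] >= 13 && v[0] <= 16 ? "no-patch-listed" : "not-listed";
  return v[2] >= min ? "patched" : "needs-update";
}
```

Note that `checkReact("19.2.1")` still reports CVE-2025-55184 and CVE-2025-55183: the releases that fix the RCE do not cover the other two issues.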