Lacework
srubin (Staff)
Article Id 421658
Description

This article describes a Remote Code Execution (RCE) vulnerability in React (CVE-2025-55182) and Next.js (CVE-2025-66478) that allows an unauthenticated attacker to craft a malicious HTTP request to achieve remote code execution. The vulnerability was first reported by React on December 3rd, 2025.

The vulnerability lies in the React Server Components implementation (the react-server-dom-* packages), which is used by both React and Next.js. React Server Components let the React client call functions on the server to support functionality such as chunk loading and server-side rendering (SSR).

The vulnerability allows an unauthenticated attacker to send a crafted HTTP request to any React Server Components endpoint; React deserializes the request payload, and that deserialization step leads to remote code execution.

Scope

Affected Versions

Next.js Versions:

  • < v15.0.5
  • < v15.1.9
  • < v15.2.6
  • < v15.3.6
  • < v15.4.8
  • < v15.5.7
  • < v16.0.7

React Versions:

  • = v19.0
  • >= v19.1.0, < v19.1.2
  • = v19.2.0

React Packages:

Attack Vector: An unauthenticated, malicious HTTP request.

Potential Impact: Remote Code Execution.


In-depth information can be found at React.Dev Blog - Critical Security Vulnerability in React Server Components.

Solution

Lacework FortiCNAPP automatically detects affected packages found in user environments via the Vulnerability Management component and the Code Security component. FortiCNAPP also detects potentially compromised hosts via Composite Alerts and Polygraph.

To mitigate this vulnerability, users of affected packages should immediately update to the patched versions.

Next.js Mitigation (pick the line matching the release line you are on):

npm install next@15.0.5   # for 15.0.x
npm install next@15.1.9   # for 15.1.x
npm install next@15.2.6   # for 15.2.x
npm install next@15.3.6   # for 15.3.x
npm install next@15.4.8   # for 15.4.x
npm install next@15.5.7   # for 15.5.x
npm install next@16.0.7   # for 16.0.x

React Mitigation (pick the line for the bundler integration your project uses):

# react-server-dom-parcel
npm install react@latest react-dom@latest react-server-dom-parcel@latest
# react-server-dom-turbopack
npm install react@latest react-dom@latest react-server-dom-turbopack@latest
# react-server-dom-webpack
npm install react@latest react-dom@latest react-server-dom-webpack@latest

Note: react and react-dom themselves are not vulnerable, but they must be updated alongside the react-server-dom-* packages.
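The version lists in the Scope section, turned into a lockfile check that can be run before and after the upgrade. This is an added example, not Lacework's or the React project's code; it assumes the article's "= v19.0" and "= v19.2.0" mean exactly 19.0.0 and 19.2.0, and that the lockfile is npm v2/v3 format with a "packages" map (the sample lockfile is constructed).

```javascript
// [lowest affected, first patched) per release line, taken from the lists above.
// Assumption: the article's "= v19.0" and "= v19.2.0" mean exactly 19.0.0 and 19.2.0.
const RSC_RANGES = [["19.0.0", "19.0.1"], ["19.1.0", "19.1.2"], ["19.2.0", "19.2.1"]];
const AFFECTED_RANGES = {
  next: [["15.0.0", "15.0.5"], ["15.1.0", "15.1.9"], ["15.2.0", "15.2.6"], ["15.3.0", "15.3.6"],
         ["15.4.0", "15.4.8"], ["15.5.0", "15.5.7"], ["16.0.0", "16.0.7"]],
  "react-server-dom-webpack": RSC_RANGES,
  "react-server-dom-parcel": RSC_RANGES,
  "react-server-dom-turbopack": RSC_RANGES,
};
// "19.1.1-canary.3" -> [19, 1, 1]; the prerelease suffix is ignored on purpose,
// so a canary build of an affected line is still reported.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}
// true: inside a listed range; false: outside every listed range for that package;
// null: package not covered by the article's lists (this says nothing about safety).
function isAffected(name, version) {
  if (!Object.hasOwn(AFFECTED_RANGES, name)) return null;
  return AFFECTED_RANGES[name].some(([lo, hi]) =>
    compareVersions(version, lo) >= 0 && compareVersions(version, hi) < 0);
}
// One finding per installed copy of a listed package, nested copies included
// (npm lockfile v2/v3 keys look like "node_modules/a/node_modules/next").
function scanLockfile(lock) {
  const findings = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const name = path.replace(/^.*node_modules\//, "");
    if (Object.hasOwn(AFFECTED_RANGES, name) && info.version)
      findings.push({ name, version: info.version, affected: isAffected(name, info.version) });
  }
  return findings;
}
// Constructed sample; for a real project pass JSON.parse(fs.readFileSync("package-lock.json")).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "node_modules/next": { version: "15.3.2" },
  "node_modules/react-server-dom-webpack": { version: "19.1.1" },
} };
for (const f of scanLockfile(SAMPLE_LOCK))
  console.log(`${f.affected ? "AFFECTED" : "ok"}\t${f.name}@${f.version}`);
```

A `null` result means the package is not in the article's lists, not that it is safe; packages like react and react-dom are reported that way and still need the paired update described above.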