KEV Entry

CVE-2025-55182

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability
Entry Details
Confirmed Exploited

CVE-2025-55182

2026-04-08 00:00 UTC

Timestamps

2026-04-08

2026-04-08

Scope

Affected: Meta / React Server Components | Description: Flaw in how React decodes payloads sent to React Server Function endpoints enabled unauthenticated remote code execution. Apps supporting React Server Components may still be vulnerable even if not implementing any React Server Function endpoints. | Exploitation type: APT | Threat actors: unknown | Origin source: cnw | Notes: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions

References
  • {'id': 'CVE-2025-55182', 'url': 'https://www.cve.org/CVERecord?id=CVE-2025-55182'}
  • {'id': 'EUVD-2025-2009839', 'url': 'https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-2009839'}
  • {'id': 'source', 'url': 'https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions'}

fe0059d8-6b86-4e56-99cf-a4411838fa90

cce329bf-df49-4c6e-a027-80be2e6483bd

2026-06-05 17:04 UTC

2026-06-05 17:04 UTC

Evidence
1
Type Source Signal Confidence Details GCVE Metadata
csirt_report enisa-cnw-kev successful_exploitation 0.75
View details 
{
  "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON",
  "cwes": "-",
  "dateReported": "2026/04/08",
  "euvd": "EUVD-2025-2009839",
  "exploitationType": "APT",
  "notes": "https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions",
  "originSource": "cnw",
  "product": "React Server Components",
  "threatActorsExploiting": "unknown",
  "vendorProject": "Meta",
  "vulnerabilityName": "-"
}
 -
Export Options
JSON Object JSON API View Full Catalog