Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-55183 (GCVE-0-2025-55183)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:04 – Updated: 2026-01-07 16:26
VLAI
EPSS
Summary
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- (CWE-502) Deserialization of Untrusted Data. (CWE-497) Exposure of Sensitive System Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.facebook.com/security/advisories/cve-… | x_refsource_CONFIRM |
| https://react.dev/blog/2025/12/11/denial-of-servi… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Meta | react-server-dom-webpack |
Affected:
19.0.0 , ≤ 19.0.1
(semver)
Affected: 19.1.0 , ≤ 19.1.2 (semver) Affected: 19.2.0 , ≤ 19.2.1 (semver) |
|
| Meta | react-server-dom-turbopack |
Affected:
19.0.0 , ≤ 19.0.1
(semver)
Affected: 19.1.0 , ≤ 19.1.2 (semver) Affected: 19.2.0 , ≤ 19.2.1 (semver) |
|
| Meta | react-server-dom-parcel |
Affected:
19.0.0 , ≤ 19.0.1
(semver)
Affected: 19.1.0 , ≤ 19.1.2 (semver) Affected: 19.2.0 , ≤ 19.2.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55183",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T16:24:47.971492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:26:47.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "react-server-dom-webpack",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "react-server-dom-turbopack",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "react-server-dom-parcel",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "(CWE-502) Deserialization of Untrusted Data. (CWE-497) Exposure of Sensitive System Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:09:32.286Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "Meta"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "Meta",
"cveId": "CVE-2025-55183",
"datePublished": "2025-12-11T20:04:48.655Z",
"dateReserved": "2025-08-08T18:21:47.119Z",
"dateUpdated": "2026-01-07T16:26:47.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-55183",
"date": "2026-06-17",
"epss": "0.62405",
"percentile": "0.99077"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55183\",\"sourceIdentifier\":\"cve-assign@fb.com\",\"published\":\"2025-12-11T20:16:00.460\",\"lastModified\":\"2025-12-12T18:18:19.950\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-assign@fb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.0.0\",\"versionEndExcluding\":\"19.0.2\",\"matchCriteriaId\":\"4B63E074-FEA2-495B-98C6-9D74E343A1C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.1.0\",\"versionEndExcluding\":\"19.1.3\",\"matchCriteriaId\":\"4C133EED-6729-453F-B832-3E5A7EC22E92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.2.0\",\"versionEndExcluding\":\"19.2.2\",\"matchCriteriaId\":\"DE6F153C-825C-41B6-BE6F-2552A26307E0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.7\",\"matchCriteriaId\":\"7F89ACED-432F-4789-A368-96D4E28DEE34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.11\",\"matchCriteriaId\":\"99287D38-84D1-470A-96EF-B1D851552139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.2.0\",\"versionEndExcluding\":\"15.2.8\",\"matchCriteriaId\":\"4E4E7989-19E3-44C5-B292-54C73FF3F356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.3.0\",\"versionEndExcluding\":\"15.3.8\",\"matchCriteriaId\":\"78D397D2-B678-4463-85AB-8887554166C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.4.0\",\"versionEndExcluding\":\"15.4.10\",\"matchCriteriaId\":\"137455D1-FCE0-4A58-A479-E7CA39EA969D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"15.5.0\",\"versionEndExcluding\":\"15.5.9\",\"matchCriteriaId\":\"7EFB67E0-24A1-4013-A654-C3EEAA2702DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.0.10\",\"matchCriteriaId\":\"009539CB-1F6D-446A-B581-1ABC70B10154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3ED7F693-8012-4F88-BC71-CF108E20664A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary0:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"40EE98AC-754A-4FD9-B51A-9E2674584FD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"13B41C54-AF21-4637-A852-F997635B4E83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"91B41697-2D70-488D-A5C3-CB9D435560CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7D43DB84-7BCF-429B-849A-7189EC1922D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"CEC2346B-8DBD-4D53-9866-CFBDD3AACEF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2BC95097-8CA6-42FE-98D7-F968E37C11B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary14:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4F8FA85C-1200-4FD2-B5D7-906300748BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary15:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5D0B177B-2A31-48E9-81C7-1024E2452486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary16:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7CCA01F3-3A14-4450-8A68-B1DA22C685B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary17:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1AB351AE-8C29-4E67-8699-0AAC6B3383E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary18:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"14A34D9D-5FA2-434B-836E-3CE63D716CCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary19:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E8440F05-F32B-4D40-90B7-04BF22107D86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FB6C6F6D-1EC0-4BD9-97A4-CFDE70DF0C43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary20:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6189BD4C-A3E2-451B-96B2-FF01250E946D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary21:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"389EE453-8B07-45DD-BE9C-277C9C5CB156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary22:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BA4D4638-4734-4B16-87AA-EF4B5D2DDD7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary23:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D54A2E63-6E0C-4E17-86A8-459B0A7EE00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary24:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E6136F0A-3010-4BAD-811B-D047CF5E6F64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary25:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"525EFA40-B14B-47E9-8FBD-45721A802DB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary26:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"69142944-1EC0-4F94-862E-FA7F2E101101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary27:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"30016C06-372D-4F98-84A8-0732CA054970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary28:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E1536E2B-84EC-46A3-9B6F-026364A9D927\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary29:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5E6F1F60-30E2-407C-8152-EEEB7EFE24CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3C907301-2C8F-465B-8134-94130E29F5DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary30:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E81C89FD-40CB-471E-9967-90ACDCF79373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary31:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"55E8AEEC-A686-49D6-B298-AEE4E838E769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary32:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"CB0618EC-6A0B-4AC3-BF6D-E51AC84C4E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary33:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7B27F133-8EB4-4761-A706-DF42D4EB55F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary34:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BF975472-B7E7-4AC8-B834-DA19897A4894\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary35:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"48A82613-F3FD-4E89-8E4A-F3F05A616171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary36:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"0D42CA1F-7C21-47C1-8A9C-1015286FCBE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary37:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7C83A4EF-B96F-40EC-BA1F-FE1370AF78AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary38:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C151FDAB-DE34-4A7E-9762-6E99386798BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary39:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"53025212-05F0-41FE-81F8-023B1784BB8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"68EAC2B9-32A5-4721-BB35-16D519CD1BBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary40:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7411EF71-CBEB-4127-935F-3C732A1E22AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary41:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"0C4B8930-1B65-4894-AFA8-C323AA7A8292\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary42:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B4977345-BD8C-41C7-9DD7-1E41D6CC6438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary43:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EFE030A4-5B14-4C2D-B953-E80C98FB26EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary44:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9F616FD4-83BF-4A9A-AFFD-0D3E2544DC7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary45:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"00512630-8B88-43B0-9ED3-2B33C64CC9A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary46:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A88EEF11-C7DA-4E2D-A030-FC177E696557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary47:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BE8453D9-7275-4A5F-8732-F05662FFF2E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary48:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E306B896-9BBB-424B-8D99-7A1A79AEFE9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary49:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"ACA87B86-33D5-4BEA-A13D-EEB4922D511E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"77AA0D23-B101-445C-A260-ED3152A93D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary50:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7D7DCCF7-FC83-4767-A0C2-C84A8B14F93B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary51:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FD397568-7F1F-4153-AF08-B22D4D3B45F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary52:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"984416EF-B121-40CE-B3AD-E22A06BB5844\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary53:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C4B58652-EE24-43CF-8ABE-4A01B2C9938C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary54:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8090CF73-AEA7-43FC-A960-321BED3B1682\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary55:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"823164E5-609D-4F24-86A5-E25618FE86A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary56:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E13CD688-63C3-4FFA-9D13-696005F0C155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary57:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B397B18C-8A7A-4766-9A68-98B26E190A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary58:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"15454C74-5F28-475D-830A-2AE603292301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary59:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A638BD4D-8CE5-421E-97C3-A56A4F057A50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2DB345E3-BAD0-497E-93AE-5E4DC669C192\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"840FEB19-2C66-4004-A488-B90219F8AC05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C260F966-73D7-43F3-A329-8C558A695821\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:15.6.0:canary9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"28130A79-39B5-43E8-A690-C8E9C62483F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"09089CEC-B446-496E-940D-AD4FE4E440ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary0:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"22B740D5-0CF9-45D6-A12A-FE0567276481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"256B837F-159D-449B-A748-5E4136E17D21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7091E48E-8CD5-41DB-835F-6A3DC82CC10E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F074BCE2-16CA-4628-9325-4C1865F71B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EC66102A-F2C4-4069-A7D0-CA1E1961B048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D9AFF756-AD32-4B69-A3C2-CD77BEEDC30D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary14:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"550CC768-2BFF-41D2-B2A9-6332782FAE8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary15:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"65B15DCD-A2F3-445A-85FC-1B35F176FAA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary16:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6923D356-EF15-4747-877B-74F6B5CFC297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary17:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2B1A9FB9-9501-4F29-9535-D21387A668DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary18:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"DA2A5F90-BEC1-4588-BFD6-4D095EAB40A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"061F871B-F0F9-4166-8D97-3A9F6D234AD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2F375E07-2ACB-4FF1-86C7-D499EEA9BD20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4540A878-F057-4371-97C8-B286921E7F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F7A5ED68-0BB9-4699-B0F5-C425DC92F8A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"76CD81F2-69D3-47F0-988E-235A16870511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"74EE714B-8E4F-47A0-9C9C-C3A93810ABB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1C2E002A-D038-492A-8B83-F5EF658B56ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vercel:next.js:16.1.0:canary9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F369DF32-1EF0-4342-BFEF-CFC0F485D8B6\"}]}]}],\"references\":[{\"url\":\"https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.facebook.com/security/advisories/cve-2025-55183\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55183\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-07T16:24:47.971492Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-07T16:25:58.340Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Meta\", \"product\": \"react-server-dom-webpack\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.0.1\"}, {\"status\": \"affected\", \"version\": \"19.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.1.2\"}, {\"status\": \"affected\", \"version\": \"19.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.2.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Meta\", \"product\": \"react-server-dom-turbopack\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.0.1\"}, {\"status\": \"affected\", \"version\": \"19.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.1.2\"}, {\"status\": \"affected\", \"version\": \"19.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.2.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Meta\", \"product\": \"react-server-dom-parcel\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.0.1\"}, {\"status\": \"affected\", \"version\": \"19.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.1.2\"}, {\"status\": \"affected\", \"version\": \"19.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"19.2.1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.facebook.com/security/advisories/cve-2025-55183\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"dateAssigned\": \"2025-12-09T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"(CWE-502) Deserialization of Untrusted Data. (CWE-497) Exposure of Sensitive System Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"4fc57720-52fe-4431-a0fb-3d2c8747b827\", \"shortName\": \"Meta\", \"dateUpdated\": \"2025-12-11T20:09:32.286Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-55183\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-07T16:26:47.826Z\", \"dateReserved\": \"2025-08-08T18:21:47.119Z\", \"assignerOrgId\": \"4fc57720-52fe-4431-a0fb-3d2c8747b827\", \"datePublished\": \"2025-12-11T20:04:48.655Z\", \"assignerShortName\": \"Meta\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-1137
Vulnerability from certfr_avis - Published: 2025-12-26 - Updated: 2025-12-26
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar Network Threat | Security QRadar Network Threat Analytics versions postérieures ou égales à 1.3.1 et antérieures à 1.4.2 | ||
| IBM | QRadar SIEM | Security QRadar Analyst Workflow versions postérieures à 2.32.0 et antérieures à 3.0.1 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x antérieures à 1.4.0.5_iFix002 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions postérieures à 1.4.0.2 et antérieures à 1.4.0.5_iFix001 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository Studio versions 8.5.x antérieures à V8.5.6.3_IJ56659 | ||
| IBM | Db2 | Db2 Big SQL versions postérieures à 7.2.x sur Cloud Pack for Data 4.x versions antérieures à 7.7.3 sur Cloud Pack for Data 5.0.3 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository sans les derniers correctifs de sécurité | ||
| IBM | Security QRadar SIEM | QRadar User Behavior Analytics versions postérieurs à 4.1.15 et antérieures à 5.0.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar Network Threat Analytics versions post\u00e9rieures ou \u00e9gales \u00e0 1.3.1 et ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "Security QRadar Network Threat",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Analyst Workflow versions post\u00e9rieures \u00e0 2.32.0 et ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.5_iFix002 ",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions post\u00e9rieures \u00e0 1.4.0.2 et ant\u00e9rieures \u00e0 1.4.0.5_iFix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository Studio versions 8.5.x ant\u00e9rieures \u00e0 V8.5.6.3_IJ56659",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Db2 Big SQL versions post\u00e9rieures \u00e0 7.2.x sur Cloud Pack for Data 4.x versions ant\u00e9rieures \u00e0 7.7.3 sur Cloud Pack for Data 5.0.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions post\u00e9rieurs \u00e0 4.1.15 et ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "Security QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2025-47279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-55182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2025-12-26T00:00:00",
"last_revision_date": "2025-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1137",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255497",
"url": "https://www.ibm.com/support/pages/node/7255497"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255727",
"url": "https://www.ibm.com/support/pages/node/7255727"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255495",
"url": "https://www.ibm.com/support/pages/node/7255495"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255496",
"url": "https://www.ibm.com/support/pages/node/7255496"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255723",
"url": "https://www.ibm.com/support/pages/node/7255723"
},
{
"published_at": "2025-12-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255557",
"url": "https://www.ibm.com/support/pages/node/7255557"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255410",
"url": "https://www.ibm.com/support/pages/node/7255410"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255729",
"url": "https://www.ibm.com/support/pages/node/7255729"
},
{
"published_at": "2025-12-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255556",
"url": "https://www.ibm.com/support/pages/node/7255556"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255731",
"url": "https://www.ibm.com/support/pages/node/7255731"
}
]
}
CERTFR-2025-AVI-1137
Vulnerability from certfr_avis - Published: 2025-12-26 - Updated: 2025-12-26
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar Network Threat | Security QRadar Network Threat Analytics versions postérieures ou égales à 1.3.1 et antérieures à 1.4.2 | ||
| IBM | QRadar SIEM | Security QRadar Analyst Workflow versions postérieures à 2.32.0 et antérieures à 3.0.1 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x antérieures à 1.4.0.5_iFix002 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions postérieures à 1.4.0.2 et antérieures à 1.4.0.5_iFix001 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository Studio versions 8.5.x antérieures à V8.5.6.3_IJ56659 | ||
| IBM | Db2 | Db2 Big SQL versions postérieures à 7.2.x sur Cloud Pack for Data 4.x versions antérieures à 7.7.3 sur Cloud Pack for Data 5.0.3 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository sans les derniers correctifs de sécurité | ||
| IBM | Security QRadar SIEM | QRadar User Behavior Analytics versions postérieurs à 4.1.15 et antérieures à 5.0.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar Network Threat Analytics versions post\u00e9rieures ou \u00e9gales \u00e0 1.3.1 et ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "Security QRadar Network Threat",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Analyst Workflow versions post\u00e9rieures \u00e0 2.32.0 et ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.5_iFix002 ",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions post\u00e9rieures \u00e0 1.4.0.2 et ant\u00e9rieures \u00e0 1.4.0.5_iFix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository Studio versions 8.5.x ant\u00e9rieures \u00e0 V8.5.6.3_IJ56659",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Db2 Big SQL versions post\u00e9rieures \u00e0 7.2.x sur Cloud Pack for Data 4.x versions ant\u00e9rieures \u00e0 7.7.3 sur Cloud Pack for Data 5.0.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions post\u00e9rieurs \u00e0 4.1.15 et ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "Security QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2025-47279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-55182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2025-12-26T00:00:00",
"last_revision_date": "2025-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1137",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255497",
"url": "https://www.ibm.com/support/pages/node/7255497"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255727",
"url": "https://www.ibm.com/support/pages/node/7255727"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255495",
"url": "https://www.ibm.com/support/pages/node/7255495"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255496",
"url": "https://www.ibm.com/support/pages/node/7255496"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255723",
"url": "https://www.ibm.com/support/pages/node/7255723"
},
{
"published_at": "2025-12-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255557",
"url": "https://www.ibm.com/support/pages/node/7255557"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255410",
"url": "https://www.ibm.com/support/pages/node/7255410"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255729",
"url": "https://www.ibm.com/support/pages/node/7255729"
},
{
"published_at": "2025-12-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255556",
"url": "https://www.ibm.com/support/pages/node/7255556"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255731",
"url": "https://www.ibm.com/support/pages/node/7255731"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
FKIE_CVE-2025-55183
Vulnerability from fkie_nvd - Published: 2025-12-11 20:16 - Updated: 2026-06-17 09:41
Severity
Summary
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
References
Impacted products
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "react-server-dom-webpack",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "react-server-dom-turbopack",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "react-server-dom-parcel",
"vendor": "Meta",
"versions": [
{
"lessThanOrEqual": "19.0.1",
"status": "affected",
"version": "19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.1.2",
"status": "affected",
"version": "19.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "semver"
}
]
}
],
"source": "cve-assign@fb.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "7F89ACED-432F-4789-A368-96D4E28DEE34",
"versionEndExcluding": "15.0.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "99287D38-84D1-470A-96EF-B1D851552139",
"versionEndExcluding": "15.1.11",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "4E4E7989-19E3-44C5-B292-54C73FF3F356",
"versionEndExcluding": "15.2.8",
"versionStartIncluding": "15.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "78D397D2-B678-4463-85AB-8887554166C9",
"versionEndExcluding": "15.3.8",
"versionStartIncluding": "15.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "137455D1-FCE0-4A58-A479-E7CA39EA969D",
"versionEndExcluding": "15.4.10",
"versionStartIncluding": "15.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "7EFB67E0-24A1-4013-A654-C3EEAA2702DD",
"versionEndExcluding": "15.5.9",
"versionStartIncluding": "15.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "009539CB-1F6D-446A-B581-1ABC70B10154",
"versionEndExcluding": "16.0.10",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "3ED7F693-8012-4F88-BC71-CF108E20664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary0:*:*:*:node.js:*:*",
"matchCriteriaId": "40EE98AC-754A-4FD9-B51A-9E2674584FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary1:*:*:*:node.js:*:*",
"matchCriteriaId": "13B41C54-AF21-4637-A852-F997635B4E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary10:*:*:*:node.js:*:*",
"matchCriteriaId": "91B41697-2D70-488D-A5C3-CB9D435560CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary11:*:*:*:node.js:*:*",
"matchCriteriaId": "7D43DB84-7BCF-429B-849A-7189EC1922D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary12:*:*:*:node.js:*:*",
"matchCriteriaId": "CEC2346B-8DBD-4D53-9866-CFBDD3AACEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary13:*:*:*:node.js:*:*",
"matchCriteriaId": "2BC95097-8CA6-42FE-98D7-F968E37C11B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary14:*:*:*:node.js:*:*",
"matchCriteriaId": "4F8FA85C-1200-4FD2-B5D7-906300748BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary15:*:*:*:node.js:*:*",
"matchCriteriaId": "5D0B177B-2A31-48E9-81C7-1024E2452486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary16:*:*:*:node.js:*:*",
"matchCriteriaId": "7CCA01F3-3A14-4450-8A68-B1DA22C685B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary17:*:*:*:node.js:*:*",
"matchCriteriaId": "1AB351AE-8C29-4E67-8699-0AAC6B3383E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary18:*:*:*:node.js:*:*",
"matchCriteriaId": "14A34D9D-5FA2-434B-836E-3CE63D716CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary19:*:*:*:node.js:*:*",
"matchCriteriaId": "E8440F05-F32B-4D40-90B7-04BF22107D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary2:*:*:*:node.js:*:*",
"matchCriteriaId": "FB6C6F6D-1EC0-4BD9-97A4-CFDE70DF0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary20:*:*:*:node.js:*:*",
"matchCriteriaId": "6189BD4C-A3E2-451B-96B2-FF01250E946D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary21:*:*:*:node.js:*:*",
"matchCriteriaId": "389EE453-8B07-45DD-BE9C-277C9C5CB156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary22:*:*:*:node.js:*:*",
"matchCriteriaId": "BA4D4638-4734-4B16-87AA-EF4B5D2DDD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary23:*:*:*:node.js:*:*",
"matchCriteriaId": "D54A2E63-6E0C-4E17-86A8-459B0A7EE00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary24:*:*:*:node.js:*:*",
"matchCriteriaId": "E6136F0A-3010-4BAD-811B-D047CF5E6F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary25:*:*:*:node.js:*:*",
"matchCriteriaId": "525EFA40-B14B-47E9-8FBD-45721A802DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary26:*:*:*:node.js:*:*",
"matchCriteriaId": "69142944-1EC0-4F94-862E-FA7F2E101101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary27:*:*:*:node.js:*:*",
"matchCriteriaId": "30016C06-372D-4F98-84A8-0732CA054970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary28:*:*:*:node.js:*:*",
"matchCriteriaId": "E1536E2B-84EC-46A3-9B6F-026364A9D927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary29:*:*:*:node.js:*:*",
"matchCriteriaId": "5E6F1F60-30E2-407C-8152-EEEB7EFE24CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary3:*:*:*:node.js:*:*",
"matchCriteriaId": "3C907301-2C8F-465B-8134-94130E29F5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary30:*:*:*:node.js:*:*",
"matchCriteriaId": "E81C89FD-40CB-471E-9967-90ACDCF79373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary31:*:*:*:node.js:*:*",
"matchCriteriaId": "55E8AEEC-A686-49D6-B298-AEE4E838E769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary32:*:*:*:node.js:*:*",
"matchCriteriaId": "CB0618EC-6A0B-4AC3-BF6D-E51AC84C4E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary33:*:*:*:node.js:*:*",
"matchCriteriaId": "7B27F133-8EB4-4761-A706-DF42D4EB55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary34:*:*:*:node.js:*:*",
"matchCriteriaId": "BF975472-B7E7-4AC8-B834-DA19897A4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary35:*:*:*:node.js:*:*",
"matchCriteriaId": "48A82613-F3FD-4E89-8E4A-F3F05A616171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary36:*:*:*:node.js:*:*",
"matchCriteriaId": "0D42CA1F-7C21-47C1-8A9C-1015286FCBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary37:*:*:*:node.js:*:*",
"matchCriteriaId": "7C83A4EF-B96F-40EC-BA1F-FE1370AF78AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary38:*:*:*:node.js:*:*",
"matchCriteriaId": "C151FDAB-DE34-4A7E-9762-6E99386798BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary39:*:*:*:node.js:*:*",
"matchCriteriaId": "53025212-05F0-41FE-81F8-023B1784BB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary4:*:*:*:node.js:*:*",
"matchCriteriaId": "68EAC2B9-32A5-4721-BB35-16D519CD1BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary40:*:*:*:node.js:*:*",
"matchCriteriaId": "7411EF71-CBEB-4127-935F-3C732A1E22AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary41:*:*:*:node.js:*:*",
"matchCriteriaId": "0C4B8930-1B65-4894-AFA8-C323AA7A8292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary42:*:*:*:node.js:*:*",
"matchCriteriaId": "B4977345-BD8C-41C7-9DD7-1E41D6CC6438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary43:*:*:*:node.js:*:*",
"matchCriteriaId": "EFE030A4-5B14-4C2D-B953-E80C98FB26EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary44:*:*:*:node.js:*:*",
"matchCriteriaId": "9F616FD4-83BF-4A9A-AFFD-0D3E2544DC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary45:*:*:*:node.js:*:*",
"matchCriteriaId": "00512630-8B88-43B0-9ED3-2B33C64CC9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary46:*:*:*:node.js:*:*",
"matchCriteriaId": "A88EEF11-C7DA-4E2D-A030-FC177E696557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary47:*:*:*:node.js:*:*",
"matchCriteriaId": "BE8453D9-7275-4A5F-8732-F05662FFF2E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary48:*:*:*:node.js:*:*",
"matchCriteriaId": "E306B896-9BBB-424B-8D99-7A1A79AEFE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary49:*:*:*:node.js:*:*",
"matchCriteriaId": "ACA87B86-33D5-4BEA-A13D-EEB4922D511E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary5:*:*:*:node.js:*:*",
"matchCriteriaId": "77AA0D23-B101-445C-A260-ED3152A93D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary50:*:*:*:node.js:*:*",
"matchCriteriaId": "7D7DCCF7-FC83-4767-A0C2-C84A8B14F93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary51:*:*:*:node.js:*:*",
"matchCriteriaId": "FD397568-7F1F-4153-AF08-B22D4D3B45F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary52:*:*:*:node.js:*:*",
"matchCriteriaId": "984416EF-B121-40CE-B3AD-E22A06BB5844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary53:*:*:*:node.js:*:*",
"matchCriteriaId": "C4B58652-EE24-43CF-8ABE-4A01B2C9938C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary54:*:*:*:node.js:*:*",
"matchCriteriaId": "8090CF73-AEA7-43FC-A960-321BED3B1682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary55:*:*:*:node.js:*:*",
"matchCriteriaId": "823164E5-609D-4F24-86A5-E25618FE86A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary56:*:*:*:node.js:*:*",
"matchCriteriaId": "E13CD688-63C3-4FFA-9D13-696005F0C155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary57:*:*:*:node.js:*:*",
"matchCriteriaId": "B397B18C-8A7A-4766-9A68-98B26E190A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary58:*:*:*:node.js:*:*",
"matchCriteriaId": "15454C74-5F28-475D-830A-2AE603292301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary59:*:*:*:node.js:*:*",
"matchCriteriaId": "A638BD4D-8CE5-421E-97C3-A56A4F057A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary6:*:*:*:node.js:*:*",
"matchCriteriaId": "2DB345E3-BAD0-497E-93AE-5E4DC669C192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary7:*:*:*:node.js:*:*",
"matchCriteriaId": "840FEB19-2C66-4004-A488-B90219F8AC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary8:*:*:*:node.js:*:*",
"matchCriteriaId": "C260F966-73D7-43F3-A329-8C558A695821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:15.6.0:canary9:*:*:*:node.js:*:*",
"matchCriteriaId": "28130A79-39B5-43E8-A690-C8E9C62483F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "09089CEC-B446-496E-940D-AD4FE4E440ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary0:*:*:*:node.js:*:*",
"matchCriteriaId": "22B740D5-0CF9-45D6-A12A-FE0567276481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary1:*:*:*:node.js:*:*",
"matchCriteriaId": "256B837F-159D-449B-A748-5E4136E17D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary10:*:*:*:node.js:*:*",
"matchCriteriaId": "7091E48E-8CD5-41DB-835F-6A3DC82CC10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary11:*:*:*:node.js:*:*",
"matchCriteriaId": "F074BCE2-16CA-4628-9325-4C1865F71B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary12:*:*:*:node.js:*:*",
"matchCriteriaId": "EC66102A-F2C4-4069-A7D0-CA1E1961B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary13:*:*:*:node.js:*:*",
"matchCriteriaId": "D9AFF756-AD32-4B69-A3C2-CD77BEEDC30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary14:*:*:*:node.js:*:*",
"matchCriteriaId": "550CC768-2BFF-41D2-B2A9-6332782FAE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary15:*:*:*:node.js:*:*",
"matchCriteriaId": "65B15DCD-A2F3-445A-85FC-1B35F176FAA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary16:*:*:*:node.js:*:*",
"matchCriteriaId": "6923D356-EF15-4747-877B-74F6B5CFC297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary17:*:*:*:node.js:*:*",
"matchCriteriaId": "2B1A9FB9-9501-4F29-9535-D21387A668DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary18:*:*:*:node.js:*:*",
"matchCriteriaId": "DA2A5F90-BEC1-4588-BFD6-4D095EAB40A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary2:*:*:*:node.js:*:*",
"matchCriteriaId": "061F871B-F0F9-4166-8D97-3A9F6D234AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary3:*:*:*:node.js:*:*",
"matchCriteriaId": "2F375E07-2ACB-4FF1-86C7-D499EEA9BD20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary4:*:*:*:node.js:*:*",
"matchCriteriaId": "4540A878-F057-4371-97C8-B286921E7F5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary5:*:*:*:node.js:*:*",
"matchCriteriaId": "F7A5ED68-0BB9-4699-B0F5-C425DC92F8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary6:*:*:*:node.js:*:*",
"matchCriteriaId": "76CD81F2-69D3-47F0-988E-235A16870511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary7:*:*:*:node.js:*:*",
"matchCriteriaId": "74EE714B-8E4F-47A0-9C9C-C3A93810ABB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary8:*:*:*:node.js:*:*",
"matchCriteriaId": "1C2E002A-D038-492A-8B83-F5EF658B56ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vercel:next.js:16.1.0:canary9:*:*:*:node.js:*:*",
"matchCriteriaId": "F369DF32-1EF0-4342-BFEF-CFC0F485D8B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63E074-FEA2-495B-98C6-9D74E343A1C0",
"versionEndExcluding": "19.0.2",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C133EED-6729-453F-B832-3E5A7EC22E92",
"versionEndExcluding": "19.1.3",
"versionStartIncluding": "19.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6F153C-825C-41B6-BE6F-2552A26307E0",
"versionEndExcluding": "19.2.2",
"versionStartIncluding": "19.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument."
}
],
"id": "CVE-2025-55183",
"lastModified": "2026-06-17T09:41:25.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve-assign@fb.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-55183",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T16:24:47.971492Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-12-11T20:16:00.460",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components"
},
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55183"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-925W-6V3X-G4J4
Vulnerability from github – Published: 2025-12-11 22:36 – Updated: 2025-12-11 22:36
VLAI
Summary
Source Code Exposure Vulnerability in React Server Components
Details
Impact
There is a source code exposure vulnerability in React Server Components.
React recommends updating immediately.
The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of:
These issues are present in the patches published last week.
Patches
Fixes were back ported to versions 19.0.2, 19.1.3, and 19.2.2.
If you are using any of the above packages please upgrade to any of the fixed versions immediately.
If your app’s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability.
References
See the blog post for more information and upgrade instructions.
Severity
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-parcel"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0"
},
{
"fixed": "19.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-turbopack"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0"
},
{
"fixed": "19.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-webpack"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0"
},
{
"fixed": "19.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-parcel"
},
"ranges": [
{
"events": [
{
"introduced": "19.1.0"
},
{
"fixed": "19.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-parcel"
},
"ranges": [
{
"events": [
{
"introduced": "19.2.0"
},
{
"fixed": "19.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-turbopack"
},
"ranges": [
{
"events": [
{
"introduced": "19.1.0"
},
{
"fixed": "19.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-turbopack"
},
"ranges": [
{
"events": [
{
"introduced": "19.2.0"
},
{
"fixed": "19.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-webpack"
},
"ranges": [
{
"events": [
{
"introduced": "19.1.0"
},
{
"fixed": "19.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-server-dom-webpack"
},
"ranges": [
{
"events": [
{
"introduced": "19.2.0"
},
{
"fixed": "19.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-55183"
],
"database_specific": {
"cwe_ids": [
"CWE-497",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-11T22:36:08Z",
"nvd_published_at": "2025-12-11T20:16:00Z",
"severity": "MODERATE"
},
"details": "## Impact\n\nThere is a source code exposure vulnerability in React Server Components.\n\nReact recommends updating immediately.\n\nThe vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of:\n\n- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)\n- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)\n- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)\n\nThese issues are present in the patches published last week.\n\n## Patches\n\nFixes were back ported to versions 19.0.2, 19.1.3, and 19.2.2. \n\nIf you are using any of the above packages please upgrade to any of the fixed versions immediately.\n\nIf your app\u2019s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability.\n\n## References\n\nSee the [blog post](https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components) for more information and upgrade instructions.",
"id": "GHSA-925w-6v3x-g4j4",
"modified": "2025-12-11T22:36:08Z",
"published": "2025-12-11T22:36:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55183"
},
{
"type": "PACKAGE",
"url": "https://github.com/facebook/react"
},
{
"type": "WEB",
"url": "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2025-55183"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Source Code Exposure Vulnerability in React Server Components"
}
NCSC-2025-0394
Vulnerability from csaf_ncscnl - Published: 2025-12-12 09:04 - Updated: 2025-12-12 10:46Summary
Kwetsbaarheden verholpen in React Server Components
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Meta heeft kwetsbaarheden verholpen in React Server Components Parcel, Turbopack en Webpack.
Interpretaties: De kwetsbaarheden zijn gerelateerd aan onveilige deserialisatie van HTTP-verzoekpayloads, wat kan leiden tot Denial-of-Service-aanvallen en serverhangen. Dit heeft invloed op de beschikbaarheid van applicaties die gebruikmaken van deze versies. Daarnaast is er een informatielek dat kan resulteren in het blootleggen van de broncode van Server Functions onder specifieke omstandigheden. Deze kwetsbaarheden zijn kritiek voor server-side rendering in React-applicaties.
Oplossingen: Meta heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-400: Uncontrolled Resource Consumption
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-502: Deserialization of Untrusted Data
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
The fix for CVE-2025-55184 in React Server Components is incomplete, leaving versions 19.0.2, 19.1.3, and 19.2.2 vulnerable to denial of service attacks due to unsafe deserialization of HTTP request payloads.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Meta Open Source / react-server-dom-parcel
|
vers:unknown/* | ||
|
vers:unknown/*
Meta Open Source / react-server-dom-turbopack
|
vers:unknown/* | ||
|
vers:unknown/*
Meta Open Source / react-server-dom-webpack
|
vers:unknown/* |
A vulnerability in React Server Components allows crafted HTTP requests to expose source code, necessitating immediate updates for affected versions.
5.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Meta Open Source / react-server-dom-parcel
|
vers:unknown/* | ||
|
vers:unknown/*
Meta Open Source / react-server-dom-turbopack
|
vers:unknown/* | ||
|
vers:unknown/*
Meta Open Source / react-server-dom-webpack
|
vers:unknown/* |
A denial of service vulnerability in specific versions of React Server Components, caused by unsafe deserialization, can lead to server hangs and block future HTTP requests.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Meta Open Source / react-server-dom-parcel
|
vers:unknown/* | ||
|
vers:unknown/*
Meta Open Source / react-server-dom-turbopack
|
vers:unknown/* | ||
|
vers:unknown/*
Meta Open Source / react-server-dom-webpack
|
vers:unknown/* |
References
7 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Meta heeft kwetsbaarheden verholpen in React Server Components Parcel, Turbopack en Webpack.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden zijn gerelateerd aan onveilige deserialisatie van HTTP-verzoekpayloads, wat kan leiden tot Denial-of-Service-aanvallen en serverhangen. Dit heeft invloed op de beschikbaarheid van applicaties die gebruikmaken van deze versies. Daarnaast is er een informatielek dat kan resulteren in het blootleggen van de broncode van Server Functions onder specifieke omstandigheden. Deze kwetsbaarheden zijn kritiek voor server-side rendering in React-applicaties.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Meta heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"title": "CWE-497"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components"
},
{
"category": "external",
"summary": "Reference",
"url": "https://www.facebook.com/security/advisories/cve-2025-55183"
},
{
"category": "external",
"summary": "Reference",
"url": "https://www.facebook.com/security/advisories/cve-2025-55184"
},
{
"category": "external",
"summary": "Reference",
"url": "https://www.facebook.com/security/advisories/cve-2025-67779"
}
],
"title": "Kwetsbaarheden verholpen in React Server Components",
"tracking": {
"current_release_date": "2025-12-12T10:46:34.688189Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0394",
"initial_release_date": "2025-12-12T09:04:19.324080Z",
"revision_history": [
{
"date": "2025-12-12T09:04:19.324080Z",
"number": "1.0.0",
"summary": "Initiele versie"
},
{
"date": "2025-12-12T10:46:34.688189Z",
"number": "1.0.1",
"summary": "De kwetsbaarheden zitten volgens het React team in onderstaande versies:\n\n- CVE-2025-55184 \u0026 CVE-2025-55183 - 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1\n\n- CVE-2025-67779 - 19.0.2, 19.1.3 and 19.2.2\n\nDe kwetsbaarheden worden in versies 19.0.3, 19.1.4, and 19.2.3 verholpen."
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "react-server-dom-parcel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "react-server-dom-turbopack"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "react-server-dom-webpack"
}
],
"category": "vendor",
"name": "Meta Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-67779",
"notes": [
{
"category": "description",
"text": "The fix for CVE-2025-55184 in React Server Components is incomplete, leaving versions 19.0.2, 19.1.3, and 19.2.2 vulnerable to denial of service attacks due to unsafe deserialization of HTTP request payloads.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-67779 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-67779.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-67779"
},
{
"cve": "CVE-2025-55183",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"title": "CWE-497"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A vulnerability in React Server Components allows crafted HTTP requests to expose source code, necessitating immediate updates for affected versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55183 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55183.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-55183"
},
{
"cve": "CVE-2025-55184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A denial of service vulnerability in specific versions of React Server Components, caused by unsafe deserialization, can lead to server hangs and block future HTTP requests.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55184 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-55184"
}
]
}
WID-SEC-W-2025-2835
Vulnerability from csaf_certbund - Published: 2025-12-11 23:00 - Updated: 2025-12-11 23:00Summary
Vercel Next.js und React Server Components: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Next.js ist ein Framework für React-basierte Web-Anwendungen.
React ist eine Open-Source-JavaScript-Bibliothek zur Erstellung von Benutzeroberflächen, insbesondere für Single-Page-Anwendungen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Vercel Next.js und React Server Components ausnutzen, um Informationen offenzulegen und um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Vercel Next.js <15.0.7
Vercel / Next.js
|
<15.0.7 | ||
|
Open Source React <19.2.3
Open Source / React
|
<19.2.3 | ||
|
Vercel Next.js <14.2.35
Vercel / Next.js
|
<14.2.35 | ||
|
Open Source React <19.1.4
Open Source / React
|
<19.1.4 | ||
|
Open Source React <19.0.3
Open Source / React
|
<19.0.3 | ||
|
Vercel Next.js <15.4.10
Vercel / Next.js
|
<15.4.10 | ||
|
Vercel Next.js <15.3.8
Vercel / Next.js
|
<15.3.8 | ||
|
Vercel Next.js <15.2.8
Vercel / Next.js
|
<15.2.8 | ||
|
Vercel Next.js <15.1.11
Vercel / Next.js
|
<15.1.11 | ||
|
Vercel Next.js <16.1.0-canary.19
Vercel / Next.js
|
<16.1.0-canary.19 | ||
|
Vercel Next.js <16.0.10
Vercel / Next.js
|
<16.0.10 | ||
|
Vercel Next.js <15.6.0-canary.60
Vercel / Next.js
|
<15.6.0-canary.60 | ||
|
Vercel Next.js <15.5.9
Vercel / Next.js
|
<15.5.9 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Vercel Next.js <15.0.7
Vercel / Next.js
|
<15.0.7 | ||
|
Open Source React <19.2.3
Open Source / React
|
<19.2.3 | ||
|
Vercel Next.js <14.2.35
Vercel / Next.js
|
<14.2.35 | ||
|
Open Source React <19.1.4
Open Source / React
|
<19.1.4 | ||
|
Open Source React <19.0.3
Open Source / React
|
<19.0.3 | ||
|
Vercel Next.js <15.4.10
Vercel / Next.js
|
<15.4.10 | ||
|
Vercel Next.js <15.3.8
Vercel / Next.js
|
<15.3.8 | ||
|
Vercel Next.js <15.2.8
Vercel / Next.js
|
<15.2.8 | ||
|
Vercel Next.js <15.1.11
Vercel / Next.js
|
<15.1.11 | ||
|
Vercel Next.js <16.1.0-canary.19
Vercel / Next.js
|
<16.1.0-canary.19 | ||
|
Vercel Next.js <16.0.10
Vercel / Next.js
|
<16.0.10 | ||
|
Vercel Next.js <15.6.0-canary.60
Vercel / Next.js
|
<15.6.0-canary.60 | ||
|
Vercel Next.js <15.5.9
Vercel / Next.js
|
<15.5.9 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Vercel Next.js <15.0.7
Vercel / Next.js
|
<15.0.7 | ||
|
Open Source React <19.2.3
Open Source / React
|
<19.2.3 | ||
|
Vercel Next.js <14.2.35
Vercel / Next.js
|
<14.2.35 | ||
|
Open Source React <19.1.4
Open Source / React
|
<19.1.4 | ||
|
Open Source React <19.0.3
Open Source / React
|
<19.0.3 | ||
|
Vercel Next.js <15.4.10
Vercel / Next.js
|
<15.4.10 | ||
|
Vercel Next.js <15.3.8
Vercel / Next.js
|
<15.3.8 | ||
|
Vercel Next.js <15.2.8
Vercel / Next.js
|
<15.2.8 | ||
|
Vercel Next.js <15.1.11
Vercel / Next.js
|
<15.1.11 | ||
|
Vercel Next.js <16.1.0-canary.19
Vercel / Next.js
|
<16.1.0-canary.19 | ||
|
Vercel Next.js <16.0.10
Vercel / Next.js
|
<16.0.10 | ||
|
Vercel Next.js <15.6.0-canary.60
Vercel / Next.js
|
<15.6.0-canary.60 | ||
|
Vercel Next.js <15.5.9
Vercel / Next.js
|
<15.5.9 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Next.js ist ein Framework f\u00fcr React-basierte Web-Anwendungen.\r\nReact ist eine Open-Source-JavaScript-Bibliothek zur Erstellung von Benutzeroberfl\u00e4chen, insbesondere f\u00fcr Single-Page-Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Vercel Next.js und React Server Components ausnutzen, um Informationen offenzulegen und um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2835 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2835.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2835 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2835"
},
{
"category": "external",
"summary": "NextNext.js Security Update vom 2025-12-11",
"url": "https://nextjs.org/blog/security-update-2025-12-11"
},
{
"category": "external",
"summary": "React blog post vom 2025-12-11",
"url": "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components"
},
{
"category": "external",
"summary": "PoC CVE-2025-55183 vom 2025-12-11",
"url": "https://github.com/X-Cotang/CVE-2025-55183_POC"
}
],
"source_lang": "en-US",
"title": "Vercel Next.js und React Server Components: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-11T23:00:00.000+00:00",
"generator": {
"date": "2025-12-12T11:45:01.682+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2835",
"initial_release_date": "2025-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.0.3",
"product": {
"name": "Open Source React \u003c19.0.3",
"product_id": "T049390"
}
},
{
"category": "product_version",
"name": "19.0.3",
"product": {
"name": "Open Source React 19.0.3",
"product_id": "T049390-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:react:19.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.1.4",
"product": {
"name": "Open Source React \u003c19.1.4",
"product_id": "T049391"
}
},
{
"category": "product_version",
"name": "19.1.4",
"product": {
"name": "Open Source React 19.1.4",
"product_id": "T049391-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:react:19.1.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.2.3",
"product": {
"name": "Open Source React \u003c19.2.3",
"product_id": "T049392"
}
},
{
"category": "product_version",
"name": "19.2.3",
"product": {
"name": "Open Source React 19.2.3",
"product_id": "T049392-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:react:19.2.3"
}
}
}
],
"category": "product_name",
"name": "React"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c14.2.35",
"product": {
"name": "Vercel Next.js \u003c14.2.35",
"product_id": "T049380"
}
},
{
"category": "product_version",
"name": "14.2.35",
"product": {
"name": "Vercel Next.js 14.2.35",
"product_id": "T049380-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:14.2.35"
}
}
},
{
"category": "product_version_range",
"name": "\u003c15.0.7",
"product": {
"name": "Vercel Next.js \u003c15.0.7",
"product_id": "T049381"
}
},
{
"category": "product_version",
"name": "15.0.7",
"product": {
"name": "Vercel Next.js 15.0.7",
"product_id": "T049381-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:15.0.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c15.1.11",
"product": {
"name": "Vercel Next.js \u003c15.1.11",
"product_id": "T049382"
}
},
{
"category": "product_version",
"name": "15.1.11",
"product": {
"name": "Vercel Next.js 15.1.11",
"product_id": "T049382-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:15.1.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c15.2.8",
"product": {
"name": "Vercel Next.js \u003c15.2.8",
"product_id": "T049383"
}
},
{
"category": "product_version",
"name": "15.2.8",
"product": {
"name": "Vercel Next.js 15.2.8",
"product_id": "T049383-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:15.2.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c15.3.8",
"product": {
"name": "Vercel Next.js \u003c15.3.8",
"product_id": "T049384"
}
},
{
"category": "product_version",
"name": "15.3.8",
"product": {
"name": "Vercel Next.js 15.3.8",
"product_id": "T049384-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:15.3.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c15.4.10",
"product": {
"name": "Vercel Next.js \u003c15.4.10",
"product_id": "T049385"
}
},
{
"category": "product_version",
"name": "15.4.10",
"product": {
"name": "Vercel Next.js 15.4.10",
"product_id": "T049385-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:15.4.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c15.5.9",
"product": {
"name": "Vercel Next.js \u003c15.5.9",
"product_id": "T049386"
}
},
{
"category": "product_version",
"name": "15.5.9",
"product": {
"name": "Vercel Next.js 15.5.9",
"product_id": "T049386-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:15.5.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c15.6.0-canary.60",
"product": {
"name": "Vercel Next.js \u003c15.6.0-canary.60",
"product_id": "T049387"
}
},
{
"category": "product_version",
"name": "15.6.0-canary.60",
"product": {
"name": "Vercel Next.js 15.6.0-canary.60",
"product_id": "T049387-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:15.6.0-canary.60"
}
}
},
{
"category": "product_version_range",
"name": "\u003c16.0.10",
"product": {
"name": "Vercel Next.js \u003c16.0.10",
"product_id": "T049388"
}
},
{
"category": "product_version",
"name": "16.0.10",
"product": {
"name": "Vercel Next.js 16.0.10",
"product_id": "T049388-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:16.0.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c16.1.0-canary.19",
"product": {
"name": "Vercel Next.js \u003c16.1.0-canary.19",
"product_id": "T049389"
}
},
{
"category": "product_version",
"name": "16.1.0-canary.19",
"product": {
"name": "Vercel Next.js 16.1.0-canary.19",
"product_id": "T049389-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vercel:next.js:16.1.0-canary.19"
}
}
}
],
"category": "product_name",
"name": "Next.js"
}
],
"category": "vendor",
"name": "Vercel"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55183",
"product_status": {
"known_affected": [
"T049381",
"T049392",
"T049380",
"T049391",
"T049390",
"T049385",
"T049384",
"T049383",
"T049382",
"T049389",
"T049388",
"T049387",
"T049386"
]
},
"release_date": "2025-12-11T23:00:00.000+00:00",
"title": "CVE-2025-55183"
},
{
"cve": "CVE-2025-55184",
"product_status": {
"known_affected": [
"T049381",
"T049392",
"T049380",
"T049391",
"T049390",
"T049385",
"T049384",
"T049383",
"T049382",
"T049389",
"T049388",
"T049387",
"T049386"
]
},
"release_date": "2025-12-11T23:00:00.000+00:00",
"title": "CVE-2025-55184"
},
{
"cve": "CVE-2025-67779",
"product_status": {
"known_affected": [
"T049381",
"T049392",
"T049380",
"T049391",
"T049390",
"T049385",
"T049384",
"T049383",
"T049382",
"T049389",
"T049388",
"T049387",
"T049386"
]
},
"release_date": "2025-12-11T23:00:00.000+00:00",
"title": "CVE-2025-67779"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…