vWAF: Firewall Protecting React/NextJS Against Critical Security Vulnerability CVE-2025-55182

2025/12/05 10:00

The security vulnerability CVE-2025-55182 directly impacts React and Next.js, enabling remote code execution without authentication. With the vWAF application firewall, systems running React/NextJS on GreenNode are proactively protected against widespread exploitation attempts.

1. Security Vulnerability CVE-2025-55182: Critical RCE in React Server Components

On November 29, security researcher Lachlan Davidson discovered a severe vulnerability in the deserialization module used by React and Next.js. On December 3, 2025, the React team issued an official advisory under ID CVE-2025-55182. For more information, please see this link.

This vulnerability is an unauthenticated Remote Code Execution (RCE) flaw that directly affects React Server Components (RSC) — a core feature of React 19 and frameworks built on it, especially Next.js (related ID: CVE-2025-66478).

How the vulnerability works

CVE-2025-55182 originates from unsafe deserialization within the Flight protocol of React Server Components. When the application processes HTTP POST requests to Server Function endpoints, attackers can send specially crafted encoded payloads that allow arbitrary code execution on the server.

Even if your application does not implement Server Function endpoints, enabling RSC alone is enough to expose your system to attacks.

According to NVD, the vulnerability received a CVSS score of 10.0 (Critical), reflecting maximum severity:

  • Remote exploitation.
  • No authentication required.
  • No user interaction required.
  • Complete compromise of confidentiality, integrity, and availability.

2. vWAF – A Proactive “Firewall Shield” Against CVE-2025-55182

Recognizing the severity of this vulnerability, GreenNode (formerly VNG Cloud) immediately updated the vWAF application firewall rules to block exploitation techniques targeting RSC.

Updated firewall rules

vWAF now detects and blocks:

  • POST requests containing abnormal serialized payloads
  • Suspicious JSON parameters or module-call behaviors associated with exploitation
  • Access attempts to endpoints resembling malicious server-function patterns

With these updates, all customers who have enabled vWAF are already protected, even if they have not yet upgraded React or Next.js.

3. Security Recommendation: Upgrading Remains the Most Effective Long-Term Solution

While the vWAF firewall significantly reduces exploitation risk during the critical window, upgrading to patched versions remains the safest and most comprehensive fix.

Affected versions:

| Package | Affected versions |
|---------|-------------------|
| React   | 19.0, 19.1, 19.2 |
| Next.js | 14.3.0-canary, 15.x, 16.x (App Router) |

Patched versions:

| Package | Patched versions |
|---------|------------------|
| React   | 19.0.1, 19.1.2, 19.2.1 |
| Next.js | 14.3.0-canary.88, 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7 |

The GreenNode security team will continue monitoring for new exploit variants and update vWAF firewall rules as needed.

If you're running applications on React/NextJS, check your version immediately and activate the next-generation vWAF firewall for temporary protection while preparing to upgrade.
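
One way to run the version check recommended above, as an added example that is not GreenNode's or the React team's tooling: a Node.js script that classifies an installed version against this page's patched-version table. Mapping the table's "React" and "Next.js" rows to the npm package names react and next is an assumption, as are all function names; release lines the page does not list are reported as not-listed rather than guessed.

```javascript
// Added example: classify installed versions against the tables on this page.
// Release line -> first patched version, copied from the "Patched versions" table.
// Assumption: the rows map to the npm packages "react" and "next".
const PATCHED = {
  react: { '19.0': '19.0.1', '19.1': '19.1.2', '19.2': '19.2.1' },
  next: {
    '14.3-canary': '14.3.0-canary.88',
    '15.0': '15.0.5', '15.1': '15.1.9', '15.2': '15.2.6', '15.3': '15.3.6',
    '15.4': '15.4.8', '15.5': '15.5.7', '16.0': '16.0.7',
  },
};

// Split "15.1.9" or "14.3.0-canary.88" into numeric parts plus prerelease tag.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)\.(\d+))?$/i.exec(String(version).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], tag: m[4] || null, pre: m[5] ? +m[5] : null };
}

// Returns 'patched', 'affected', 'not-listed' (package or release line absent
// from the page's tables) or 'unparseable' (not an exact x.y.z version).
function classify(pkg, version) {
  const v = parse(version);
  if (!v) return 'unparseable';
  const table = PATCHED[pkg] || {};
  const isCanaryLine = pkg === 'next' && v.major === 14 && v.minor === 3 && v.tag === 'canary';
  const line = isCanaryLine ? '14.3-canary' : `${v.major}.${v.minor}`;
  const fix = parse(table[line] || '');
  if (!fix) return 'not-listed';
  if (isCanaryLine) return v.pre >= fix.pre ? 'patched' : 'affected';
  // A prerelease of the fixed patch number sorts before the fix itself,
  // so it is conservatively treated as affected.
  if (v.patch > fix.patch || (v.patch === fix.patch && !v.tag)) return 'patched';
  return 'affected';
}

// Classify a map of package -> resolved version (use exact versions from the
// lockfile, not semver ranges such as "^19.0.0" from package.json).
function audit(installed) {
  return Object.entries(installed).map(([pkg, version]) => ({ pkg, version, status: classify(pkg, version) }));
}

// Constructed sample input, not taken from any real project.
console.table(audit({ react: '19.1.0', next: '15.4.8' }));
```

A not-listed result means only that the page's tables do not cover that release line; it is not a statement that the version is safe.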

4. Start Using Our Firewall Service vWAF Today

The vWAF next-generation firewall is more than just a protection tool—it is a reliable security partner, helping your business stay focused on growth without worrying about cybersecurity or emerging vulnerabilities. For more information or deployment assistance, visit the VNG Cloud Portal or contact our 24/7 support team.

We commit to delivering the highest level of security for Vietnam’s cloud ecosystem. Thank you for trusting GreenNode solutions.
