Three new vulnerabilities discovered in React Server Components
Briefly

"The newly discovered vulnerabilities are CVE-2025-55184, CVE-2025-67779, and CVE-2025-55183. They do not enable remote code execution, but they can cause damage in other ways. The first two leaks make it possible to cause an infinite loop on the server. This loop causes the server to crash and prevents it from processing new requests. Denial of service affects availability: The two denial of service vulnerabilities both receive a CVSS score of 7.5."
"Source code leak threatens secrets: CVE-2025-55183 poses a different type of threat. Attackers can use a malicious HTTP request to retrieve the source code of any Server Function. This only works if a Server Function stringifies an argument, either explicitly or implicitly. The impact is rated 5.3. The leak can leak secrets from source code, such as hardcoded API keys or passwords."
Three additional vulnerabilities were discovered in React Server Components: CVE-2025-55184, CVE-2025-67779, and CVE-2025-55183. Two vulnerabilities enable denial-of-service by triggering infinite server-side loops through specially crafted HTTP requests, causing crashes and preventing request processing; both receive CVSS 7.5. Patches were released, but an initial fix for CVE-2025-55184 was incomplete, leaving versions 19.0.2, 19.1.3, and 19.2.2 vulnerable; full fixes are in 19.0.3, 19.1.4, and 19.2.3 (the same versions address CVE-2025-67779). CVE-2025-55183 allows retrieval of Server Function source code when a function stringifies an argument, rated 5.3, risking exposure of hardcoded secrets and runtime values.
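A check against the fixed versions listed above, as an added example (not code from the article or the React project): it walks an npm lockfile's `packages` map and flags every copy of a React Server Components package that sits below the fully fixed patch level for its release line. The package names, the `below-fix` treatment of every earlier patch in a listed line, and the sample lockfile are assumptions or constructed values, not taken from the page.

```javascript
// Fully fixed patch level per release line, as stated in the summary above.
const FIXED_PATCH = { "19.0": 3, "19.1": 4, "19.2": 3 };

// Assumption: npm packages that ship React Server Components (not named on this page).
const RSC_PACKAGES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);

// Classify one version string as "fixed", "below-fix" or "unknown".
// Assumption: any patch below the fixed one in a listed line needs the upgrade.
function classify(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) return "unknown"; // prerelease/canary builds need manual review
  const fixed = FIXED_PATCH[`${m[1]}.${m[2]}`];
  if (fixed === undefined) return "unknown"; // release line not covered by the page
  return Number(m[3]) >= fixed ? "fixed" : "below-fix";
}

// Walk the "packages" map of an npm lockfile (v2/v3) and report every RSC
// package copy, including ones nested under another package's node_modules.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!RSC_PACKAGES.has(name) || !entry.version) continue;
    findings.push({ path, version: entry.version, status: classify(entry.version) });
  }
  return findings;
}

// Constructed sample lockfile (not real project data).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/react": { version: "19.2.2" },
    "node_modules/react-server-dom-webpack": { version: "19.2.2" },
    "node_modules/some-framework/node_modules/react-server-dom-turbopack": { version: "19.1.4" },
    "node_modules/other/node_modules/react-server-dom-parcel": { version: "19.3.0-canary-abc" },
  },
};

for (const f of auditLockfile(sampleLock)) {
  console.log(`${f.status.padEnd(10)} ${f.version.padEnd(20)} ${f.path}`);
}
```

Nested copies matter here: a framework can pin its own copy of the package, so a top-level upgrade alone does not clear the finding.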
Read at Techzine Global