CNNVD-202512-2084 Information

Dec 11, 2025 cve

CNNVD ID

CNNVD-202512-2084

CVE-2025-55184

CNNVD Published: 2025-12-11

Description (Chinese)

Meta React Server Components是美国Meta公司的一系列组件。 Meta React Server Components 19.0.0版本、19.0.1版本、19.1.0版本、19.1.1版本、19.1.2版本、19.2.0版本和19.2.1版本存在安全漏洞，该漏洞源于不安全反序列化HTTP请求负载，可能导致无限循环和拒绝服务。

Description (English)

Meta Reality Server Components is a series of components of the United States company Meta. There is a security loophole in Meta React Server Components 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, which stems from unsafe anti-sequencing HTTP request loads, which may lead to unlimited circulation and denial of services.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Published

2025-12-11

Last Modified

2026-02-24

References

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components https://www.facebook.com/security/advisories/cve-2025-55184 https://vigilance.fr/vulnerability/React-denial-of-service-via-Server-Components-49088

Patch

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions

Share on: