CNNVD-202512-2086 Information

Dec 11, 2025 cve

CNNVD ID

CNNVD-202512-2086

CVE-2025-55183

CNNVD Published: 2025-12-11

Description (Chinese)

Meta React Server Components是美国Meta公司的一系列组件。 Meta React Server Components 19.0.0版本、19.0.1版本、19.1.0版本、19.1.1版本、19.1.2版本、19.2.0版本和19.2.1版本存在安全漏洞，该漏洞源于特制HTTP请求可能不安全返回服务器功能源代码，可能导致信息泄露。

Description (English)

Meta Reality Server Components is a series of components of the United States company Meta. There is a security loophole in Meta React Server Components 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, which stems from the potential for unsafe return of server power energy codes to the unique HTTP request, which could lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Published

2025-12-11

Last Modified

2026-02-24

References

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components https://www.facebook.com/security/advisories/cve-2025-55183 https://vigilance.fr/vulnerability/React-information-disclosure-via-Source-Code-Exposure-49087

Patch

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions

Share on: