CNNVD-202512-2253 Information

CNNVD ID

CNNVD-202512-2253

Related CVE

CVE-2025-67779

• CNNVD Published: 2025-12-12

Description (Chinese)

Meta React Server Components是美国Meta公司的一系列组件。 Meta React Server Components 19.0.2版本、19.1.3版本和19.2.2版本存在安全漏洞，该漏洞源于不安全反序列化，可能导致无限循环和拒绝服务。

Description (English)

Meta Reality Server Components is a series of components of the United States company Meta. There is a security loophole in Meta Reality Server Components, Version 19.02, Version 19.1.3 and Version 19.2.2, which stems from unsafe back-sequencing and may lead to unlimited circulation and denial of services.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Meta

Published

2025-12-12

Last Modified

2026-02-24

References

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components https://www.facebook.com/security/advisories/cve-2025-67779 https://vigilance.fr/vulnerability/React-denial-of-service-via-Server-Components-2-49089

Patch

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions