NVD \u2013 CVE-2025-55182<\/a> )<\/p>\n <\/p>\n
\u25a0 Recommended Actions<\/p>\n
\u2013\u00a0Project Review<\/p>\n
: Check the versions of React and Next.js currently in use and verify whether any vulnerable versions are deployed.<\/p>\n
\u2013\u00a0Apply Security Patches (refer to the table above)<\/p>\n
: For React, update to version 19.01 \/ 19.1.2 \/ 19.2.1 or later.<\/p>\n
: For Next.js, update to 15.05 or later, or 16.07 or later.<\/p>\n
<\/p>\n
\u25a0 How to Identify Vulnerable Components in Sparrow Cloud<\/p>\n
Sparrow Open Source(SCA) can automatically detect vulnerabilities and identify risky components.<\/p>\n
<\/p>\n
1. Dashboard<\/p>\n
\u2013 After connecting to Sparrow Cloud, click the \u201cAdd Project\u201d button on the first screen to create a new project for analysis.<\/p>\n
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/11-1024x483.png\")
<\/p>\n
2. Add a project<\/p>\n
\u2013 Enter the project name and click the \u201cAdd Project\u201d button to create the project.<\/p>\n
\u2013 Click the \u201cStart Analysis\u201d button, upload the source code compressed file or Git URL, and the analysis will begin.<\/p>\n
(To analyze a Git repository, you must first authenticate with Git in \u201cModify Project\u201d)<\/p>\n
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/22-1024x483.png\")
<\/p>\n
3. Project Dashboard<\/p>\n
\u2013 Once the analysis is complete, you can check the total number of vulnerabilities and risk level on the project dashboard.<\/p>\n
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/33-1024x484.png\")
<\/p>\n
4. Component tab<\/p>\n
\u2013 Automatically identifies all components included in your project in the “Component” tab.<\/p>\n
\u2013 You can check if the following vulnerable packages exist here:<\/p>\n
\n- next<\/li>\n
- react-server-dom-parcel<\/li>\n
- react-server-dom-turbopack<\/li>\n
- react-server-dom-webpack<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/44-1024x484.png\")
<\/p>\n
5. Component Details (Next.js)<\/p>\n
\u2013 Click on the component name to view detailed information.<\/p>\n
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/55-1024x483.png\")
<\/p>\n
5-1. Component Details (react-server-dom-parcel)<\/p>\n
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/66-1024x482.png\")
<\/p>\n
5-2. Component Details (react-server-dom-turbopack)<\/p>\n
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/77-1024x482.png\")
<\/p>\n
5-3. Component Details (react-server-dom-webpack)<\/p>\n
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/88-1024x485.png\")
<\/p>\n
<\/p>\n
This vulnerability has been actively exploited shortly after disclosure, with actual intrusion cases already reported.<\/p>\n
Prompt environment validation and timely patch application are essential.<\/p>\n
<\/p>\n
Sparrow will provide full support to help minimize any potential impact on your organization and to ensure stable service operations.<\/p>\n
If you have any questions, please feel free to contact: marketing@sparrow.im<\/p>\n","protected":false},"featured_media":0,"template":"","categories":[],"class_list":["post-4342","notice","type-notice","status-publish","hentry"],"acf":[],"yoast_head":"\n
Notice on React Server Components Remote Code Execution (RCE) Vulnerability (CVE-2025-55182) - Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Notice on React Server Components Remote Code Execution (RCE) Vulnerability (CVE-2025-55182) - Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud\" \/>\n<meta property=\"og:description\" content=\"Dear Customers, A new security vulnerability, CVE-2025-55182, has been disclosed, allowing unauthenticated Remote Code Execution (RCE) in environments using React Server Components. This vulnerability has been rated Critical (CVSS 10.0) and can be exploited across various development frameworks and service environments, requiring immediate attention. \u25a0 Overview \u2013\u00a0CVE ID: CVE-2025-55182 \u2013\u00a0Severity: Critical (CVSS 10.0) \u2013\u00a0Affected Range […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/\" \/>\n<meta property=\"og:site_name\" content=\"Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-12T00:45:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/\",\"url\":\"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/\",\"name\":\"Notice on React Server Components Remote Code Execution (RCE) Vulnerability (CVE-2025-55182) - Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/sparrowcloud.ai\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png\",\"datePublished\":\"2025-12-12T00:43:52+00:00\",\"dateModified\":\"2025-12-12T00:45:16+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/#primaryimage\",\"url\":\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png\",\"contentUrl\":\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png\",\"width\":1160,\"height\":745},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sparrowcloud.ai\/en\/#website\",\"url\":\"https:\/\/sparrowcloud.ai\/en\/\",\"name\":\"Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/sparrowcloud.ai\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sparrowcloud.ai\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sparrowcloud.ai\/en\/#organization\",\"name\":\"Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud\",\"url\":\"https:\/\/sparrowcloud.ai\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sparrowcloud.ai\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2023\/12\/logo.png\",\"contentUrl\":\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2023\/12\/logo.png\",\"width\":169,\"height\":24,\"caption\":\"Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud\"},\"image\":{\"@id\":\"https:\/\/sparrowcloud.ai\/en\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Notice on React Server Components Remote Code Execution (RCE) Vulnerability (CVE-2025-55182) - Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/","og_locale":"en_US","og_type":"article","og_title":"Notice on React Server Components Remote Code Execution (RCE) Vulnerability (CVE-2025-55182) - Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud","og_description":"Dear Customers, A new security vulnerability, CVE-2025-55182, has been disclosed, allowing unauthenticated Remote Code Execution (RCE) in environments using React Server Components. This vulnerability has been rated Critical (CVSS 10.0) and can be exploited across various development frameworks and service environments, requiring immediate attention. \u25a0 Overview \u2013\u00a0CVE ID: CVE-2025-55182 \u2013\u00a0Severity: Critical (CVSS 10.0) \u2013\u00a0Affected Range […]","og_url":"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/","og_site_name":"Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud","article_modified_time":"2025-12-12T00:45:16+00:00","og_image":[{"url":"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/","url":"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/","name":"Notice on React Server Components Remote Code Execution (RCE) Vulnerability (CVE-2025-55182) - Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud","isPartOf":{"@id":"https:\/\/sparrowcloud.ai\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/#primaryimage"},"image":{"@id":"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/#primaryimage"},"thumbnailUrl":"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png","datePublished":"2025-12-12T00:43:52+00:00","dateModified":"2025-12-12T00:45:16+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sparrowcloud.ai\/en\/notice\/notice-on-react-server-components-remote-code-execution-rce-vulnerability-cve-2025-55182\/#primaryimage","url":"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png","contentUrl":"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png","width":1160,"height":745},{"@type":"WebSite","@id":"https:\/\/sparrowcloud.ai\/en\/#website","url":"https:\/\/sparrowcloud.ai\/en\/","name":"Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud","description":"","publisher":{"@id":"https:\/\/sparrowcloud.ai\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sparrowcloud.ai\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sparrowcloud.ai\/en\/#organization","name":"Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud","url":"https:\/\/sparrowcloud.ai\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sparrowcloud.ai\/en\/#\/schema\/logo\/image\/","url":"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2023\/12\/logo.png","contentUrl":"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2023\/12\/logo.png","width":169,"height":24,"caption":"Cloud based Static & Dynamic Application Security Testing | Sparrow Cloud"},"image":{"@id":"https:\/\/sparrowcloud.ai\/en\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/sparrowcloud.ai\/en\/wp-json\/wp\/v2\/notice\/4342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sparrowcloud.ai\/en\/wp-json\/wp\/v2\/notice"}],"about":[{"href":"https:\/\/sparrowcloud.ai\/en\/wp-json\/wp\/v2\/types\/notice"}],"wp:attachment":[{"href":"https:\/\/sparrowcloud.ai\/en\/wp-json\/wp\/v2\/media?parent=4342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sparrowcloud.ai\/en\/wp-json\/wp\/v2\/categories?post=4342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/sparrowcloud.ai\/en\/wp-content\/uploads\/sites\/12\/2025\/12\/React2shell.png\")
<\/p>\n