























On December 3, 2025, the maintainers of React and Next.js disclosed a critical pre-authentication remote code execution (RCE) vulnerability in React Server Components (CVE-2025-55182) with a CVSS score of 10.0.
The vulnerability impacts versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of RSC, as well as all frameworks that support React Server Components, including Next.js (CVE-2025-66478).
Okta has upgraded all production systems to fixed versions,
Okta has published actions required for application developers that rely on Auth0 or Okta SDKs to build React or Next.js applications,
While we have detected opportunistic scanning activity on non-vulnerable systems, we have not observed successful exploitation of this vulnerability against Auth0 or Okta services.
For actions required and developer guidance, please refer to the appropriate KnowledgeBase article:
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。