Share
## https://sploitus.com/exploit?id=9AB3A6B7-26B3-5445-9301-EB410CCEBD17
# React 19 & Next.js Security Fix Prompts for AI Agents

๐Ÿšจ **CRITICAL SECURITY VULNERABILITY** - CVE-2025-55182 & CVE-2025-66478

This repository contains reusable prompts to help AI coding assistants automatically fix critical React/Next.js security vulnerabilities.

## ๐Ÿ“‹ What's Inside

- **SECURITY_FIX_PROMPT.md** - Comprehensive, detailed prompt with full context
- **SECURITY_FIX_PROMPT_SHORT.md** - Concise version for quick sharing
- **SECURITY_PROMPT_README.md** - Detailed usage guide

## ๐Ÿš€ Quick Start

### Option 1: Quick Fix (Recommended)
Copy the entire content from `SECURITY_FIX_PROMPT_SHORT.md` and paste it into your AI coding assistant.

### Option 2: Detailed Fix
Use `SECURITY_FIX_PROMPT.md` for comprehensive instructions with full context.

## ๐ŸŽฏ What These Prompts Do

These prompts instruct AI agents to:
1. โœ… Scan repositories for React/Next.js dependencies
2. โœ… Identify vulnerable versions (CVE-2025-55182 & CVE-2025-66478)
3. โœ… Update to patched versions automatically
4. โœ… Verify the updates
5. โœ… Commit and push changes

## ๐Ÿ“ฆ Vulnerability Details

**CVE-2025-55182** (React Server Components - CRITICAL - CVSS 10.0)
- **Affected**: React 19.0.0 through 19.2.0
- **Patched**: React 19.0.1, 19.1.2, 19.2.1
- **Impact**: Remote Code Execution (RCE) vulnerability

**CVE-2025-66478** (Next.js - CRITICAL)
- **Affected**: Next.js 15.0.0 through 16.0.6
- **Patched**: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7
- **Impact**: Same RCE vulnerability when using React Server Components

## ๐Ÿ”— Official Resources

- React Security Advisory: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
- Next.js Security Advisory: https://nextjs.org/blog/CVE-2025-66478
- Google Cloud Response: https://cloud.google.com/blog/products/identity-security/responding-to-cve-2025-55182

## ๐Ÿ“ข Share with the Community

Feel free to:
- โญ Star this repository
- ๐Ÿ”„ Fork and customize for your needs
- ๐Ÿ“ค Share on social media
- ๐Ÿ’ฌ Post in developer communities
- ๐Ÿ“ Include in security advisories

## ๐Ÿค– Compatible AI Assistants

These prompts work with:
- Claude (Anthropic)
- ChatGPT (OpenAI)
- Cursor AI
- GitHub Copilot
- Codeium
- Any AI coding assistant

## ๐Ÿ“„ License

This repository is provided as-is for the community. Use freely to help secure React/Next.js applications.

---

**Remember**: This is a CRITICAL security vulnerability (CVSS 10.0). Update immediately!

**Created**: December 2025
**Last Updated**: December 2025