## https://sploitus.com/exploit?id=9AB3A6B7-26B3-5445-9301-EB410CCEBD17
# React 19 & Next.js Security Fix Prompts for AI Agents
๐จ **CRITICAL SECURITY VULNERABILITY** - CVE-2025-55182 & CVE-2025-66478
This repository contains reusable prompts to help AI coding assistants automatically fix critical React/Next.js security vulnerabilities.
## ๐ What's Inside
- **SECURITY_FIX_PROMPT.md** - Comprehensive, detailed prompt with full context
- **SECURITY_FIX_PROMPT_SHORT.md** - Concise version for quick sharing
- **SECURITY_PROMPT_README.md** - Detailed usage guide
## ๐ Quick Start
### Option 1: Quick Fix (Recommended)
Copy the entire content from `SECURITY_FIX_PROMPT_SHORT.md` and paste it into your AI coding assistant.
### Option 2: Detailed Fix
Use `SECURITY_FIX_PROMPT.md` for comprehensive instructions with full context.
## ๐ฏ What These Prompts Do
These prompts instruct AI agents to:
1. โ Scan repositories for React/Next.js dependencies
2. โ Identify vulnerable versions (CVE-2025-55182 & CVE-2025-66478)
3. โ Update to patched versions automatically
4. โ Verify the updates
5. โ Commit and push changes
## ๐ฆ Vulnerability Details
**CVE-2025-55182** (React Server Components - CRITICAL - CVSS 10.0)
- **Affected**: React 19.0.0 through 19.2.0
- **Patched**: React 19.0.1, 19.1.2, 19.2.1
- **Impact**: Remote Code Execution (RCE) vulnerability
**CVE-2025-66478** (Next.js - CRITICAL)
- **Affected**: Next.js 15.0.0 through 16.0.6
- **Patched**: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7
- **Impact**: Same RCE vulnerability when using React Server Components
## ๐ Official Resources
- React Security Advisory: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
- Next.js Security Advisory: https://nextjs.org/blog/CVE-2025-66478
- Google Cloud Response: https://cloud.google.com/blog/products/identity-security/responding-to-cve-2025-55182
## ๐ข Share with the Community
Feel free to:
- โญ Star this repository
- ๐ Fork and customize for your needs
- ๐ค Share on social media
- ๐ฌ Post in developer communities
- ๐ Include in security advisories
## ๐ค Compatible AI Assistants
These prompts work with:
- Claude (Anthropic)
- ChatGPT (OpenAI)
- Cursor AI
- GitHub Copilot
- Codeium
- Any AI coding assistant
## ๐ License
This repository is provided as-is for the community. Use freely to help secure React/Next.js applications.
---
**Remember**: This is a CRITICAL security vulnerability (CVSS 10.0). Update immediately!
**Created**: December 2025
**Last Updated**: December 2025