Share
## https://sploitus.com/exploit?id=E8901619-A0FC-5B0D-AA6A-FBFD2085D095
# CVE-2025-55182
Check for the **critical RCE vulnerability** in React Server Components (CVSS 10.0).
## Quick Start
```bash
npx cve-2025-55182
```
## About the Vulnerability
**CVE-2025-55182** is an unauthenticated remote code execution vulnerability in React Server Components with a CVSS score of 10.0 (Critical).
### Affected Packages
- `react-server-dom-webpack`
- `react-server-dom-parcel`
- `react-server-dom-turbopack`
### Affected Versions
- 19.0.0
- 19.1.0
- 19.1.1
- 19.2.0
### Fixed Versions
- 19.0.1+ (for 19.0.x)
- 19.1.2+ (for 19.1.x)
- 19.2.1+ (for 19.2.x)
## Usage
### Scan current directory
```bash
npx cve-2025-55182
```
### Scan specific directory
```bash
npx cve-2025-55182 ./my-project
```
### JSON output (for CI/CD)
```bash
npx cve-2025-55182 --json
```
### Use in CI
```yaml
# GitHub Actions example
- name: Check for CVE-2025-55182
run: npx cve-2025-55182
```
The command exits with code 0 if no vulnerabilities found, or the count of vulnerable projects otherwise.
## Supported Lockfiles
- `package-lock.json` (npm)
- `pnpm-lock.yaml` (pnpm)
- `yarn.lock` (yarn)
## References
- [Official React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
- [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-55182)
## License
MIT