Share
## https://sploitus.com/exploit?id=SAINT:5128C97725087BF45E40D6E0EFC78097
Added: 12/11/2025  


### Background

React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. 

### Problem

A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by sending specially crafted serialized data in a POST request. 

### Resolution

Upgrade to React 19.0.1, 19.1.2, or 19.2.1 or higher, or to NextJS 12.3.5, 13.5.9, 14.2.25, 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, or 16.0.7 or higher. 

### References

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components