{"uuid": "457cfea4-fa62-4ea4-9608-02640b99e920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-55182", "type": "exploited", "source": "https://t.me/alexmakus/5520", "content": "We're following up on our earlier communication regarding CVE-2025-55182, the\u00a0critical RCE vulnerability affecting React Server Components.\nWe want to be direct: if you have not yet upgraded, please do so immediately. That is the only way to be safe. Since our initial outreach, public exploits are available and threat activity has significantly increased. As of today, Vercel has blocked all new deployments of vulnerable Next.js versions.\u00a0\nYour next step: upgrade to a patched version of Next.js (15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, or 16.0.7). See blog post for full details and remediation guidance. We will continue to update this blog as needed.\nResources for protecting against 'React2Shell'\nIf you have questions or need support with your upgrade path, reply to this email or reach out to security@vercel.com.\n\n\u043d\u0438\u0447\u043e\u0441\u0438 \u0442\u0430\u043c \u0443 \u043d\u0438\u0445 \u043f\u0440\u0438\u043f\u0435\u043a\u043b\u043e", "creation_timestamp": "2025-12-08T00:25:59.000000Z"}