Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-55183
Good to know:
Date: December 11, 2025
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version react-server-dom-webpack - 19.0.3;react-server-dom-webpack - 19.1.4;react-server-dom-webpack - 19.2.3;react-server-dom-webpack - 19.0.2;react-server-dom-webpack - 19.1.3;react-server-dom-webpack - 19.2.2;react-server-dom-parcel - 19.0.3;react-server-dom-parcel - 19.1.4;react-server-dom-parcel - 19.2.3;react-server-dom-parcel - 19.1.3;react-server-dom-parcel - 19.2.2;react-server-dom-turbopack - 19.0.3;react-server-dom-turbopack - 19.1.4;react-server-dom-turbopack - 19.2.3;react-server-dom-turbopack - 19.0.2;react-server-dom-turbopack - 19.1.3;react-server-dom-turbopack - 19.2.2;next - 16.0.7;next - 15.5.7;next - 15.4.8;next - 15.3.6;next - 15.2.6;next - 15.1.9;next - 15.0.5
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |