CVE-2025-55182 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Meta	CNA	10 CRITICAL				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Vendor	Product	Version
facebook	react	19.0.0
facebook	react	19.1.0
facebook	react	19.1.1
facebook	react	19.2.0
vercel	next.js	15.0.0 ≤ 𝑥 < 15.0.5
vercel	next.js	15.1.0 ≤ 𝑥 < 15.1.9
vercel	next.js	15.2.0 ≤ 𝑥 < 15.2.6
vercel	next.js	15.3.0 ≤ 𝑥 < 15.3.6
vercel	next.js	15.4.0 ≤ 𝑥 < 15.4.8
vercel	next.js	15.5.0 ≤ 𝑥 < 15.5.7
vercel	next.js	16.0.0 ≤ 𝑥 < 16.0.7
vercel	next.js	14.3.0:canary77
vercel	next.js	14.3.0:canary78
vercel	next.js	14.3.0:canary79
vercel	next.js	14.3.0:canary80
vercel	next.js	14.3.0:canary81
vercel	next.js	14.3.0:canary82
vercel	next.js	14.3.0:canary83
vercel	next.js	14.3.0:canary84
vercel	next.js	14.3.0:canary85
vercel	next.js	14.3.0:canary86
vercel	next.js	14.3.0:canary87
vercel	next.js	15.6.0
vercel	next.js	15.6.0:canary0
vercel	next.js	15.6.0:canary1
vercel	next.js	15.6.0:canary10
vercel	next.js	15.6.0:canary11
vercel	next.js	15.6.0:canary12
vercel	next.js	15.6.0:canary13
vercel	next.js	15.6.0:canary14
vercel	next.js	15.6.0:canary15
vercel	next.js	15.6.0:canary16
vercel	next.js	15.6.0:canary17
vercel	next.js	15.6.0:canary18
vercel	next.js	15.6.0:canary19
vercel	next.js	15.6.0:canary2
vercel	next.js	15.6.0:canary20
vercel	next.js	15.6.0:canary21
vercel	next.js	15.6.0:canary22
vercel	next.js	15.6.0:canary23
vercel	next.js	15.6.0:canary24
vercel	next.js	15.6.0:canary25
vercel	next.js	15.6.0:canary26
vercel	next.js	15.6.0:canary27
vercel	next.js	15.6.0:canary28
vercel	next.js	15.6.0:canary29
vercel	next.js	15.6.0:canary3
vercel	next.js	15.6.0:canary30
vercel	next.js	15.6.0:canary31
vercel	next.js	15.6.0:canary32
vercel	next.js	15.6.0:canary33
vercel	next.js	15.6.0:canary34
vercel	next.js	15.6.0:canary35
vercel	next.js	15.6.0:canary36
vercel	next.js	15.6.0:canary37
vercel	next.js	15.6.0:canary38
vercel	next.js	15.6.0:canary39
vercel	next.js	15.6.0:canary4
vercel	next.js	15.6.0:canary40
vercel	next.js	15.6.0:canary41
vercel	next.js	15.6.0:canary42
vercel	next.js	15.6.0:canary43
vercel	next.js	15.6.0:canary44
vercel	next.js	15.6.0:canary45
vercel	next.js	15.6.0:canary46
vercel	next.js	15.6.0:canary47
vercel	next.js	15.6.0:canary48
vercel	next.js	15.6.0:canary49
vercel	next.js	15.6.0:canary5
vercel	next.js	15.6.0:canary50
vercel	next.js	15.6.0:canary51
vercel	next.js	15.6.0:canary52
vercel	next.js	15.6.0:canary53
vercel	next.js	15.6.0:canary54
vercel	next.js	15.6.0:canary55
vercel	next.js	15.6.0:canary56
vercel	next.js	15.6.0:canary57
vercel	next.js	15.6.0:canary6
vercel	next.js	15.6.0:canary7
vercel	next.js	15.6.0:canary8
vercel	next.js	15.6.0:canary9
vercel	next.js	16.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Vulnerability Media Exposure

[ENGLISH] RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet
Published: 2026-01-16T09:15:00+00:00
[GERMAN] HPE-OneView-Sicherheitslücke wird sehr wahrscheinlich ausgenutzt
Eine kritische Sicherheitslücke in HPE OneView stellt ein erhebliches Risiko dar. Angreifer können die RCE-Schwachstelle über eine unsichere REST-API ausnutzen. Mit einem EPSS-Score von 81.31 Prozent ist die Wahrscheinlichkeit einer Ausnutzung extrem hoch.
Published: 2026-01-16T07:00:00+01:00
[GERMAN] 20 Prozent mehr ausgenutzte Schwachstellen im KEV-Katalog der CISA
Mit ihrem Katalog der „Known Exploited Vulnerabilities“ leistet die CISA einen wichtigen Beitrag für die Sicherheit der USA und hilft auch Unternehmen weltweit dabei, Sicherheitslücken zu priorisieren. Das waren die Highlights des Katalogs aus 2025.
Published: 2026-01-16T16:00:00+01:00

References

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

https://www.facebook.com/security/advisories/cve-2025-55182

http://www.openwall.com/lists/oss-security/2025/12/03/4

https://news.ycombinator.com/item?id=46136026

https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55182