CVE-2025-67779 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Meta	CNA	7.5 HIGH				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vendor	Product	Version
facebook	react	19.0.2
facebook	react	19.1.3
facebook	react	19.2.2
vercel	next.js	13.3.0 ≤ 𝑥 < 14.2.35
vercel	next.js	15.0.0 ≤ 𝑥 < 15.0.7
vercel	next.js	15.1.0 ≤ 𝑥 < 15.1.11
vercel	next.js	15.2.0 ≤ 𝑥 < 15.2.8
vercel	next.js	15.3.0 ≤ 𝑥 < 15.3.8
vercel	next.js	15.4.0 ≤ 𝑥 < 15.4.10
vercel	next.js	15.5.0 ≤ 𝑥 < 15.5.9
vercel	next.js	16.0.0 ≤ 𝑥 < 16.0.10
vercel	next.js	15.6.0
vercel	next.js	15.6.0:canary0
vercel	next.js	15.6.0:canary1
vercel	next.js	15.6.0:canary10
vercel	next.js	15.6.0:canary11
vercel	next.js	15.6.0:canary12
vercel	next.js	15.6.0:canary13
vercel	next.js	15.6.0:canary14
vercel	next.js	15.6.0:canary15
vercel	next.js	15.6.0:canary16
vercel	next.js	15.6.0:canary17
vercel	next.js	15.6.0:canary18
vercel	next.js	15.6.0:canary19
vercel	next.js	15.6.0:canary2
vercel	next.js	15.6.0:canary20
vercel	next.js	15.6.0:canary21
vercel	next.js	15.6.0:canary22
vercel	next.js	15.6.0:canary23
vercel	next.js	15.6.0:canary24
vercel	next.js	15.6.0:canary25
vercel	next.js	15.6.0:canary26
vercel	next.js	15.6.0:canary27
vercel	next.js	15.6.0:canary28
vercel	next.js	15.6.0:canary29
vercel	next.js	15.6.0:canary3
vercel	next.js	15.6.0:canary30
vercel	next.js	15.6.0:canary31
vercel	next.js	15.6.0:canary32
vercel	next.js	15.6.0:canary33
vercel	next.js	15.6.0:canary34
vercel	next.js	15.6.0:canary35
vercel	next.js	15.6.0:canary36
vercel	next.js	15.6.0:canary37
vercel	next.js	15.6.0:canary38
vercel	next.js	15.6.0:canary39
vercel	next.js	15.6.0:canary4
vercel	next.js	15.6.0:canary40
vercel	next.js	15.6.0:canary41
vercel	next.js	15.6.0:canary42
vercel	next.js	15.6.0:canary43
vercel	next.js	15.6.0:canary44
vercel	next.js	15.6.0:canary45
vercel	next.js	15.6.0:canary46
vercel	next.js	15.6.0:canary47
vercel	next.js	15.6.0:canary48
vercel	next.js	15.6.0:canary49
vercel	next.js	15.6.0:canary5
vercel	next.js	15.6.0:canary50
vercel	next.js	15.6.0:canary51
vercel	next.js	15.6.0:canary52
vercel	next.js	15.6.0:canary53
vercel	next.js	15.6.0:canary54
vercel	next.js	15.6.0:canary55
vercel	next.js	15.6.0:canary56
vercel	next.js	15.6.0:canary57
vercel	next.js	15.6.0:canary58
vercel	next.js	15.6.0:canary59
vercel	next.js	15.6.0:canary6
vercel	next.js	15.6.0:canary7
vercel	next.js	15.6.0:canary8
vercel	next.js	15.6.0:canary9
vercel	next.js	16.1.0
vercel	next.js	16.1.0:canary0
vercel	next.js	16.1.0:canary1
vercel	next.js	16.1.0:canary10
vercel	next.js	16.1.0:canary11
vercel	next.js	16.1.0:canary12
vercel	next.js	16.1.0:canary13
vercel	next.js	16.1.0:canary14
vercel	next.js	16.1.0:canary15
vercel	next.js	16.1.0:canary16
vercel	next.js	16.1.0:canary17
vercel	next.js	16.1.0:canary18
vercel	next.js	16.1.0:canary2
vercel	next.js	16.1.0:canary3
vercel	next.js	16.1.0:canary4
vercel	next.js	16.1.0:canary5
vercel	next.js	16.1.0:canary6
vercel	next.js	16.1.0:canary7
vercel	next.js	16.1.0:canary8
vercel	next.js	16.1.0:canary9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Vulnerability Media Exposure

References

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

https://www.facebook.com/security/advisories/cve-2025-67779