Critical React Server Components RCE (CVE-2025-55182): What You Need to Patch Now
ID: cc75c046-2ab7-51bb-b252-43995b4ce0e7
STIX ID: report--cc75c046-2ab7-51bb-b252-43995b4ce0e7
Feed Name: Abstract Security Blog
CVE-2025-55182 is a critical (CVSS 10.0) unauthenticated remote code execution vulnerability in React Server Components (react-server) and affected frameworks including Next.js; it stems from insecure deserialization of RSC "Flight" protocol payloads and is exploitable in default configurations. The advisory lists vulnerable and patched versions, exploitation indicators (e.g., POSTs to server function endpoints containing __proto__/constructor/prototype keys), detection queries, and immediate remediation guidance to upgrade to specified patched releases and implement monitoring and incident response measures.
