2025-041: Critical Security Vulnerability in React Server Components
ID: 2171548b-1283-5b2f-8c67-93d4227882b4
STIX ID: report--2171548b-1283-5b2f-8c67-93d4227882b4
Feed Name: CERT-EU Security Advisories
**CVE-2025-55182 — Critical RCE in React Server Components:** On December 3, 2025, the React Team disclosed a CVSS 10 vulnerability that allows unauthenticated remote code execution via unsafe deserialization of HTTP payloads sent to React Server Function endpoints. Affected packages include react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack, along with several frameworks (e.g., Next.js App Router). Users are advised to update to fixed versions (19.0.1, 19.1.2, or 19.2.1) immediately.
