PT-2025-50722 · Unknown +1 · React-Server-Dom-Turbopack +3

Published 2025-12-11 · Updated 2025-12-14 · CVE-2025-55183

CVSS v3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

React Server Components versions 19.0.0 through 19.2.1: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack

Description

An information leak issue exists in React Server Components. A crafted HTTP request sent to a vulnerable Server Function can return the source code of that function. Exploitation requires a Server Function that exposes a stringified argument. The issue may affect applications even without Server Functions, as any application supporting React Server Components can be impacted. The leak could expose business logic and control flow.

Recommendations

Update to a newer version of React Server Components to address this vulnerability.
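
To find out whether a project needs the update, the following added example (not part of the advisory or of React) scans a parsed npm `package-lock.json` for the three packages named above and flags versions inside the 19.0.0 through 19.2.1 range. It assumes lockfileVersion 2 or 3; the function names and the sample lockfile are constructed for illustration, and "outside-range" only means outside the range this advisory states, since no fixed version is named here.

```javascript
// Added example. Package names and the version range come from the advisory text.
const AFFECTED_PACKAGES = new Set(["react-server-dom-parcel",
  "react-server-dom-turbopack", "react-server-dom-webpack"]);
const [RANGE_MIN, RANGE_MAX] = [[19, 0, 0], [19, 2, 1]];

// Plain "major.minor.patch" only; prerelease or non-semver strings return null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function inAffectedRange(version) {
  const p = parseVersion(version);
  return p !== null && compare(p, RANGE_MIN) >= 0 && compare(p, RANGE_MAX) <= 0;
}

// lock: parsed package-lock.json (lockfileVersion 2 or 3), whose "packages"
// map is keyed by install path, so nested copies are reported separately.
function findAffected(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!AFFECTED_PACKAGES.has(name)) continue;
    let status = "outside-range";
    if (parseVersion(entry.version) === null) status = "review"; // cannot decide
    else if (inAffectedRange(entry.version)) status = "affected";
    findings.push({ path, name, version: entry.version, status });
  }
  return findings;
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react-server-dom-webpack": { version: "19.1.0" },
    "node_modules/some-framework/node_modules/react-server-dom-turbopack": { version: "19.2.1" },
    "node_modules/react-server-dom-parcel": { version: "19.0.0-rc.1" },
    "node_modules/legacy-tool/node_modules/react-server-dom-webpack": { version: "18.3.1" },
  },
};
console.table(findAffected(SAMPLE_LOCK));
```

A lockfile scan only sees packages installed as separate dependencies; a copy that a framework ships inside its own distribution will not appear and has to be checked through that framework's version.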

Fix

Related Identifiers

CVE-2025-55183

Affected Products

React
React-Server-Dom-Parcel
React-Server-Dom-Turbopack
React-Server-Dom-Webpack