CVE-2025-55183

Name of the Vulnerable Software and Affected Versions React versions 19.0.0 through 19.2.1 react-server-dom-parcel versions 19.0.0 through 19.2.1 react-server-dom-turbopack versions 19.0.0 through 19.2.1 react-server-dom-webpack versions 19.0.0 through 19.2.1

Description An information leak issue exists in React Server Components. A crafted HTTP request to a vulnerable Server Function can expose the source code of that function. This requires the Server Function to expose a stringified argument. The issue affects applications using React Server Components, potentially impacting a large number of deployments. The vulnerability could lead to the disclosure of business logic and potentially sensitive information.

Recommendations Update to a newer version of React that contains a fix for this vulnerability.