Tanzu Security Advisory for Critical React RCE Vulnerability CVE-2025-55182 - No Tanzu Product Impacted
36602
12 December 2025
12 December 2025
CLOSED
CRITICAL
10.0
N/A
CVE-2025-55182
Severity: Critical
CVSSv3 Range: 10.0
CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Issue Date: 2025-12-12
Updated on:
CVE(s): CVE-2025-55182
Synopsis
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints. The following React frameworks & bundlers are also affected: next, react-router, waku, @parcel/rsc, @vitejs/plugin-rsc, and rwsdk.
Product Versions Affected
No Tanzu products were impacted
https://blogs.vmware.com/tanzu/supply-chain-security-how-accurate-sboms-can-deliver-proactive-threat-mitigation/
Upstream OSS Advisory Link:
- https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Mitigation
N/A - No Tanzu products were impacted
History
2025-12-12: Initial vulnerability report published.
Contact
E-mail: [email protected]
VMware Tanzu Security Advisories
https://tanzu.vmware.com/security
Non-Affected Products - Using React
Although these products include React, based on the information disclosed by React and the investigation conducted by our teams at this time, they are not affected by CVE-2025-55182 because they do not use the impacted versions of React Server Components.
- API Gateway for VMware Tanzu Platform
- VMware Tanzu Greenplum SQL Editor
Non-Affected Products
The following products are not affected by CVE-2025-55182 because they do not use React 19.0, 19.1.0, 19.1.1, or 19.2.0.
- .NET Core Buildpack
- AI Services for VMware Tanzu Platform
- Anti-Virus Scanning for VMware Tanzu Platform
- API portal for VMware Tanzu
- App Autoscaler CLI Plugin for VMware Tanzu Platform
- App Metrics
- Application Configuration Service for VMware Tanzu
- Application Services for VMware Tanzu Platform
- Azure Spring Apps
- Binary Buildpack
- BOSH Backup and Restore
- cf-mgmt for VMware Tanzu Platform
- Cloud Service Broker for AWS for VMware Tanzu Platform
- Cloud Service Broker for Azure for VMware Tanzu Platform
- Cloud Service Broker for GCP for VMware Tanzu Platform
- Cluster Essentials for VMware Tanzu
- Compliance Scanning for VMware Tanzu Platform
- Concourse for VMware Tanzu
- CredHub Secrets Management for VMware Tanzu Platform
- Elastic Application Runtime for VMware Tanzu Platform
- Elastic Application Runtime Windows add-on for VMware Tanzu Platform
- Extended App Support for Tanzu Platform
- File Integrity Monitoring for VMware Tanzu Platform
- FIPS Compliant Base Stack of Ubuntu Bionic for VMware Tanzu
- Foundation Core for VMware Tanzu Platform
- Go Buildpack
- Healthwatch
- IPsec Encryption for VMware Tanzu Platform
- Isolation Segmentation for VMware Tanzu Platform
- Java Buildpack
- Kerberos Buildpack
- Luna Security Provider Buildpack for VMware Tanzu
- Metric Store
- Minio Internal Blobstore for VMware Tanzu
- NGINX Buildpack
- NodeJS Buildpack
- Open Source RabbitMQ
- PHP Buildpack
- Platform Automation Toolkit
- Platform Services for VMware Tanzu Platform
- Python Buildpack
- R Buildpack
- Redis Enterprise for VMware Tanzu
- Redis Enterprise Service Broker for VMware Tanzu
- Ruby Buildpack
- Scheduler for VMware Tanzu Platform
- Service Publisher for VMware Tanzu Platform
- Services Toolkit for VMware Tanzu
- Single Sign-On for VMware Tanzu Platform
- Spring Cloud Data Flow for VMware Tanzu
- Spring Cloud Gateway for Kubernetes
- Staticfile Buildpack
- Stemcells (Ubuntu Jammy Azure Light)
- Stemcells (Ubuntu Jammy FIPS)
- Stemcells (Ubuntu Jammy)
- Stemcells (Ubuntu Noble)
- Stemcells (Windows)
- Tanzu Data Management Console
- Tanzu Hub
- Tanzu Kubernetes Grid Integrated Edition (TKGi) - CLI & Tile
- Tanzu Kubernetes Grid Integrated Edition (TKGi) - Mgmt Console
- Tanzu Platform Developer Tools
- TAS Integration for Tanzu Observability
- tc Server Buildpack
- Telemetry Collector
- Telemetry for VMware Tanzu Platform
- VMware Harbor Registry
- VMware Spring Cloud Data Flow for Kubernetes
- VMware Spring Cloud Services for Kubernetes
- VMware Tanzu CLI
- VMware Tanzu Data Flow on Kubernetes
- VMware Tanzu Data Flow on Tanzu Platform
- VMware Tanzu Data Lake
- VMware Tanzu Distribution of OpenJDK
- VMware Tanzu for MySQL on Kubernetes
- VMware Tanzu for MySQL on Tanzu Platform
- VMware Tanzu for Postgres
- VMware Tanzu for Postgres on Kubernetes
- VMware Tanzu for Postgres on Tanzu Platform
- VMware Tanzu for Valkey
- VMware Tanzu for Valkey on Kubernetes
- VMware Tanzu for Valkey on Tanzu Platform
- VMware Tanzu GemFire
- VMware Tanzu GemFire Management Console
- VMware Tanzu GemFire on Kubernetes
- VMware Tanzu GemFire on Tanzu Platform
- VMware Tanzu GemFire Search
- VMware Tanzu GemFire Vector Database
- VMware Tanzu Greenplum
- VMware Tanzu Greenplum Backup and Restore
- VMware Tanzu Greenplum Command Center
- VMware Tanzu Greenplum Data Copy Utility
- VMware Tanzu Greenplum Decision Support Benchmark
- VMware Tanzu Greenplum on Kubernetes
- VMware Tanzu Greenplum Streaming Server
- VMware Tanzu Greenplum Upgrade
- VMware Tanzu Platform evaluation appliances
- VMware Tanzu RabbitMQ
- VMware Tanzu RabbitMQ on Kubernetes
- VMware Tanzu RabbitMQ on Tanzu Platform
- VMware Tanzu Service Broker for AWS
- VMware Tanzu Spring Enterprise Repository