Download our Latest Industry Report – Continuous Offensive Security Outlook 2026

Download Report

Day: December 4, 2025

Critical Advisory: Remote Code Execution in Next.js (CVE-2025-66478) with Working Exploit

Critical Advisory - React Next.js RCE

Date: December 4, 2025Severity: Critical (CVSS 10.0)Components: Next.js App Router & React Server Components We are alerting all customers to a critical Remote Code Execution (RCE) vulnerability affecting Next.js applications using the App Router. This vulnerability, tracked as CVE-2025-66478, stems from an upstream issue in the React Server Components (RSC) protocol (CVE-2025-55182). React provided a […]