Security vulnerabilities and automated fixes for deserialization issues
1 post found
A critical pre-authentication remote code execution vulnerability (CVE-2025-55182) was discovered in Next.js React Server Components, allowing attackers to execute arbitrary code on servers without any login or credentials required. The flaw stems from unsafe deserialization of untrusted data passed through the RSC pipeline. The vulnerability has been patched across multiple Next.js release lines, and all affected projects should upgrade immediately.