{"id":6957,"date":"2025-12-09T11:28:08","date_gmt":"2025-12-09T11:28:08","guid":{"rendered":"https:\/\/www.hostinger.com\/support\/?p=6957"},"modified":"2026-03-16T12:12:19","modified_gmt":"2026-03-16T12:12:19","slug":"how-to-fix-the-react-server-components-vulnerability-in-next-js-cve-2025-55182-cve-2025-66478","status":"publish","type":"post","link":"https:\/\/www.hostinger.com\/support\/how-to-fix-the-react-server-components-vulnerability-in-next-js-cve-2025-55182-cve-2025-66478\/","title":{"rendered":"How to Fix the React Server Components Vulnerability in Next.js (CVE-2025-55182 \/ CVE-2025-66478)"},"content":{"rendered":"<div>Vulnerabilities have been identified in React Server Components (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-55182\" target=\"_blank\" rel=\"noopener\">CVE-2025-55182<\/a>, <a class=\"c-link\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-55184\" target=\"_blank\" rel=\"noopener noreferrer\" data-stringify-link=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-55184\" data-sk=\"tooltip_parent\">CVE-2025-55184<\/a>,&nbsp;<a class=\"c-link\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-67779\" target=\"_blank\" rel=\"noopener noreferrer\" data-stringify-link=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-67779\" data-sk=\"tooltip_parent\">CVE-2025-67779<\/a>,&nbsp;<a class=\"c-link\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-55183\" target=\"_blank\" rel=\"noopener noreferrer\" data-stringify-link=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-55183\" data-sk=\"tooltip_parent\">CVE-2025-55183<\/a>) and in frameworks like Next.js (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-66478\" target=\"_blank\" rel=\"noopener\">CVE-2025-66478<\/a>), affecting React 19. This vulnerability affects Next.js 15.x and 16.0.x using React Server Components on your VPS.<\/div><div><strong>Next.js versions with security fixes<\/strong>: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7.<\/div><div><strong>React versions with security fixes<\/strong>: 19.0.3+, 19.1.4+, 19.2.3+<\/div><div><\/div><div class=\"intercom-interblocks-callout\" style=\"background-color: #e3e7fa80;border-color: #334bfa33\"><b>Important: <\/b><span style=\"font-weight: 400\">This is a critical vulnerability with active exploitation expected. All Next.js users running versions 15.x or 16.0.x should update immediately to protect their applications from potential vulnerabilities.<\/span><\/div><h2 id=\"update_next\">How to Update Next.js<\/h2><h4>Option 1: <b>Automatic Upgrade Command<\/b><\/h4><p><span style=\"font-weight: 400\">The easiest way to update Next.js is to use the official upgrade command:<\/span><\/p><pre><code>npx @next\/codemod upgrade latest<\/code><\/pre><p><b>This command automatically:<\/b><\/p><ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Updates next.config.js with new turbopack configuration<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Migrates from next lint to the ESLint CLI<\/span><\/li>\n<li style=\"font-weight: 400\">Migrates deprecated middleware to the new proxy-based middleware system<\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Removes unstable_ prefix from stabilized APIs<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Removes experimental_ppr Route Segment Config<\/span><\/li>\n<\/ul><h4><b>Option 2: Manual Package Update<\/b><\/h4><p><span style=\"font-weight: 400\">If you prefer manual control, install the latest versions directly using your package manager:<\/span><\/p><p><b>Using npm:<\/b><\/p><pre><code>npm i next@latest react@latest react-dom@latest eslint-config-next@latest<\/code><\/pre><p><b>Using pnpm:<\/b><\/p><pre><code>pnpm i next@latest react@latest react-dom@latest eslint-config-next@latest<\/code><\/pre><p><b>Using Yarn:<\/b><\/p><pre><code>yarn add next@latest react@latest react-dom@latest eslint-config-next@latest<\/code><\/pre><p><b>Using Bun:<\/b><\/p><pre><code>bun add next@latest react@latest react-dom@latest eslint-config-next@latest<\/code><\/pre><p><b>Important for TypeScript users: <\/b><span style=\"font-weight: 400\">Ensure you also upgrade @types\/react and @types\/react-dom to their latest versions.<\/span><\/p><h3><b>Updating to Specific Patched Versions<\/b><\/h3><p>To update to a specific patched version based on your current Next.js release line:<\/p><pre><code>npm install next@15.0.5 # for 15.0.x users<\/code><\/pre><pre><code>npm install next@15.1.9 # for 15.1.x users<\/code><\/pre><pre><code>npm install next@15.2.6 # for 15.2.x users<\/code><\/pre><pre><code>npm install next@15.3.6 # for 15.3.x users<\/code><\/pre><pre><code>npm install next@15.4.8 # for 15.4.x users<\/code><\/pre><pre><code>npm install next@15.5.7 # for 15.5.x users<\/code><\/pre><pre><code>npm install next@16.0.7 # for 16.0.x users<\/code><\/pre><h2 id=\"react_router\"><b>For React Router Users<\/b><\/h2><p><span style=\"font-weight: 400\">If you&rsquo;re using React Router&rsquo;s unstable RSC APIs, upgrade the following dependencies:<\/span><\/p><pre><code>npm install react@latest<\/code><\/pre><pre><code>npm install react-dom@latest<\/code><\/pre><pre><code>npm install react-server-dom-parcel@latest<\/code><\/pre><pre><code>npm install react-server-dom-webpack@latest<\/code><\/pre><pre><code>npm install @vitejs\/plugin-rsc@latest<\/code><\/pre><h4><b>Verifying Your Update<\/b><\/h4><p><span style=\"font-weight: 400\">After updating, verify your installation by checking the versions:<\/span><\/p><pre><code>npm list next react react-dom<\/code><\/pre><p><span style=\"font-weight: 400\">Ensure all packages are updated to the patched versions listed above.<\/span><\/p><h2 id=\"Additional-safety-measures\">Additional safety measures<\/h2><p>Once the package is upgraded, make sure to perform cleanup in your VPS server.&nbsp; Detailed steps can be found <a href=\"https:\/\/www.hostinger.com\/support\/7161064-what-to-do-if-your-vps-has-been-hacked-at-hostinger\/\">What to Do if Your VPS Has Been Hacked at Hostinger?<\/a><\/p><h4><b>Additional Resources<\/b><\/h4><p><a href=\"https:\/\/www.hostinger.com\/support\/8224050-how-to-secure-your-vps-from-abusive-activity-at-hostinger\/\"><span style=\"font-weight: 400\">How to Secure Your VPS from Abusive Activity<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerabilities have been identified in React Server Components (CVE-2025-55182, CVE-2025-55184,&nbsp;CVE-2025-67779,&nbsp;CVE-2025-55183) and in frameworks like Next.js (CVE-2025-66478), affecting React 19. This vulnerability affects Next.js 15.x and&#8230;<\/p>\n","protected":false},"author":595,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"include_on_kodee":true,"footnotes":""},"categories":[199],"tags":[],"class_list":["post-6957","post","type-post","status-publish","format-standard","hentry","category-vps-management"],"hreflangs":[{"locale":"en-US","link":"https:\/\/www.hostinger.com\/support\/how-to-fix-the-react-server-components-vulnerability-in-next-js-cve-2025-55182-cve-2025-66478","default":1}],"include_on_kodee":true,"_links":{"self":[{"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/posts\/6957","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/comments?post=6957"}],"version-history":[{"count":11,"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/posts\/6957\/revisions"}],"predecessor-version":[{"id":7010,"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/posts\/6957\/revisions\/7010"}],"wp:attachment":[{"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/media?parent=6957"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/categories?post=6957"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostinger.com\/support\/wp-json\/wp\/v2\/tags?post=6957"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}