The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an “act now” critical alert regarding a vulnerability in a popular open source software library, React.
CVE-2025-55182 was disclosed by React’s developers overnight on 3 December and has been a cause of some concern since then.
“ASD’s ACSC is aware of a critical vulnerability in React Server Components, which is used extensively in modern web applications,” the ASD said in its alert.
The vulnerability has a CVSS score of 10, making it about as critical as vulnerabilities can get. If exploited, it could allow an attacker to achi
React cybersecurity rating report: https://www.rankiteo.com/company/reactofficial
"id": "REA1764886206",
"linkid": "reactofficial",
"type": "Vulnerability",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Technology/Web Development',
'location': 'Global',
'name': None,
'size': None,
'type': 'Software Library'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'date_publicly_disclosed': '2023-12-03',
'description': 'The Australian Signals Directorate’s Australian '
'Cyber Security Centre (ASD’s ACSC) has issued an '
"'act now' critical alert regarding a "
'vulnerability in React, a popular open-source '
'software library. The vulnerability '
'(CVE-2025-55182) could allow an attacker to '
'achieve unspecified malicious actions if '
'exploited.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Modern web applications using '
'React Server Components'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Australian Signals Directorate’s '
'Australian Cyber Security Centre '
'(ASD’s ACSC)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public alert issued by '
'ASD’s ACSC',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Critical Vulnerability in React Server Components '
'(CVE-2025-55182)',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'CVE-2025-55182'}}