Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Next.js Deserialization of Untrusted Data Vulnerability - CVE-2025-55182 - Vulnerability Database
Next.js

Next.js Deserialization of Untrusted Data Vulnerability - CVE-2025-55182

Critical
Reference: CVE-2025-55182
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-55182
Title: Next.js Deserialization of Untrusted Data Vulnerability
Overview:

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0 19.1.0 19.1.1 and 19.2.0 including the following packages: react-server-dom-parcel react-server-dom-turbopack and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.