zlacker

[return to "Critical RCE Vulnerabilities in React and Next.js"]
1. karimf+yd[view] [source] 2025-12-03 17:00:38
>>gonepi+(OP)
Dang, Cloudflare is moving fast. Cloudflare WAF proactively protects against React vulnerability https://blog.cloudflare.com/waf-rules-react-vulnerability/
◧◩
2. xnorsw+ae[view] [source] 2025-12-03 17:03:03
>>karimf+yd
This is what coordinated disclosure looks like.
◧◩◪
3. karimf+Wf[view] [source] 2025-12-03 17:10:57
>>xnorsw+ae
Given that most Next.js and RSC apps run on Vercel, I’m wondering if they’re doing the same thing. There’s no information about this in their latest blog post [0].

Update: They do similar thing. Mentioned here [1]

[0] https://nextjs.org/blog/CVE-2025-66478

[1] https://vercel.com/changelog/cve-2025-55182

[go to top]