CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
| Software | From | Fixed in |
|---|---|---|
| facebook / react | 19.0.0 | 19.0.2 |
| facebook / react | 19.1.0 | 19.1.3 |
| facebook / react | 19.2.0 | 19.2.2 |
| vercel / next.js | 15.0.0 | 15.0.7 |
| vercel / next.js | 15.1.0 | 15.1.11 |
| vercel / next.js | 15.2.0 | 15.2.8 |
| vercel / next.js | 15.3.0 | 15.3.8 |
| vercel / next.js | 15.4.0 | 15.4.10 |
| vercel / next.js | 15.5.0 | 15.5.9 |
| vercel / next.js | 16.0.0 | 16.0.10 |
| vercel / next.js | 15.6.0 | 15.6.0.x |
| vercel / next.js | 15.6.0-canary0 | 15.6.0-canary0.x |
| vercel / next.js | 15.6.0-canary1 | 15.6.0-canary1.x |
| vercel / next.js | 15.6.0-canary10 | 15.6.0-canary10.x |
| vercel / next.js | 15.6.0-canary11 | 15.6.0-canary11.x |
| vercel / next.js | 15.6.0-canary12 | 15.6.0-canary12.x |
| vercel / next.js | 15.6.0-canary13 | 15.6.0-canary13.x |
| vercel / next.js | 15.6.0-canary14 | 15.6.0-canary14.x |
| vercel / next.js | 15.6.0-canary15 | 15.6.0-canary15.x |
| vercel / next.js | 15.6.0-canary16 | 15.6.0-canary16.x |
| vercel / next.js | 15.6.0-canary17 | 15.6.0-canary17.x |
| vercel / next.js | 15.6.0-canary18 | 15.6.0-canary18.x |
| vercel / next.js | 15.6.0-canary19 | 15.6.0-canary19.x |
| vercel / next.js | 15.6.0-canary2 | 15.6.0-canary2.x |
| vercel / next.js | 15.6.0-canary20 | 15.6.0-canary20.x |
| vercel / next.js | 15.6.0-canary21 | 15.6.0-canary21.x |
| vercel / next.js | 15.6.0-canary22 | 15.6.0-canary22.x |
| vercel / next.js | 15.6.0-canary23 | 15.6.0-canary23.x |
| vercel / next.js | 15.6.0-canary24 | 15.6.0-canary24.x |
| vercel / next.js | 15.6.0-canary25 | 15.6.0-canary25.x |
| vercel / next.js | 15.6.0-canary26 | 15.6.0-canary26.x |
| vercel / next.js | 15.6.0-canary27 | 15.6.0-canary27.x |
| vercel / next.js | 15.6.0-canary28 | 15.6.0-canary28.x |
| vercel / next.js | 15.6.0-canary29 | 15.6.0-canary29.x |
| vercel / next.js | 15.6.0-canary3 | 15.6.0-canary3.x |
| vercel / next.js | 15.6.0-canary30 | 15.6.0-canary30.x |
| vercel / next.js | 15.6.0-canary31 | 15.6.0-canary31.x |
| vercel / next.js | 15.6.0-canary32 | 15.6.0-canary32.x |
| vercel / next.js | 15.6.0-canary33 | 15.6.0-canary33.x |
| vercel / next.js | 15.6.0-canary34 | 15.6.0-canary34.x |
| vercel / next.js | 15.6.0-canary35 | 15.6.0-canary35.x |
| vercel / next.js | 15.6.0-canary36 | 15.6.0-canary36.x |
| vercel / next.js | 15.6.0-canary37 | 15.6.0-canary37.x |
| vercel / next.js | 15.6.0-canary38 | 15.6.0-canary38.x |
| vercel / next.js | 15.6.0-canary39 | 15.6.0-canary39.x |
| vercel / next.js | 15.6.0-canary4 | 15.6.0-canary4.x |
| vercel / next.js | 15.6.0-canary40 | 15.6.0-canary40.x |
| vercel / next.js | 15.6.0-canary41 | 15.6.0-canary41.x |
| vercel / next.js | 15.6.0-canary42 | 15.6.0-canary42.x |
| vercel / next.js | 15.6.0-canary43 | 15.6.0-canary43.x |
| vercel / next.js | 15.6.0-canary44 | 15.6.0-canary44.x |
| vercel / next.js | 15.6.0-canary45 | 15.6.0-canary45.x |
| vercel / next.js | 15.6.0-canary46 | 15.6.0-canary46.x |
| vercel / next.js | 15.6.0-canary47 | 15.6.0-canary47.x |
| vercel / next.js | 15.6.0-canary48 | 15.6.0-canary48.x |
| vercel / next.js | 15.6.0-canary49 | 15.6.0-canary49.x |
| vercel / next.js | 15.6.0-canary5 | 15.6.0-canary5.x |
| vercel / next.js | 15.6.0-canary50 | 15.6.0-canary50.x |
| vercel / next.js | 15.6.0-canary51 | 15.6.0-canary51.x |
| vercel / next.js | 15.6.0-canary52 | 15.6.0-canary52.x |
| vercel / next.js | 15.6.0-canary53 | 15.6.0-canary53.x |
| vercel / next.js | 15.6.0-canary54 | 15.6.0-canary54.x |
| vercel / next.js | 15.6.0-canary55 | 15.6.0-canary55.x |
| vercel / next.js | 15.6.0-canary56 | 15.6.0-canary56.x |
| vercel / next.js | 15.6.0-canary57 | 15.6.0-canary57.x |
| vercel / next.js | 15.6.0-canary58 | 15.6.0-canary58.x |
| vercel / next.js | 15.6.0-canary59 | 15.6.0-canary59.x |
| vercel / next.js | 15.6.0-canary6 | 15.6.0-canary6.x |
| vercel / next.js | 15.6.0-canary7 | 15.6.0-canary7.x |
| vercel / next.js | 15.6.0-canary8 | 15.6.0-canary8.x |
| vercel / next.js | 15.6.0-canary9 | 15.6.0-canary9.x |
| vercel / next.js | 16.1.0 | 16.1.0.x |
| vercel / next.js | 16.1.0-canary0 | 16.1.0-canary0.x |
| vercel / next.js | 16.1.0-canary1 | 16.1.0-canary1.x |
| vercel / next.js | 16.1.0-canary10 | 16.1.0-canary10.x |
| vercel / next.js | 16.1.0-canary11 | 16.1.0-canary11.x |
| vercel / next.js | 16.1.0-canary12 | 16.1.0-canary12.x |
| vercel / next.js | 16.1.0-canary13 | 16.1.0-canary13.x |
| vercel / next.js | 16.1.0-canary14 | 16.1.0-canary14.x |
| vercel / next.js | 16.1.0-canary15 | 16.1.0-canary15.x |
| vercel / next.js | 16.1.0-canary16 | 16.1.0-canary16.x |
| vercel / next.js | 16.1.0-canary17 | 16.1.0-canary17.x |
| vercel / next.js | 16.1.0-canary18 | 16.1.0-canary18.x |
| vercel / next.js | 16.1.0-canary2 | 16.1.0-canary2.x |
| vercel / next.js | 16.1.0-canary3 | 16.1.0-canary3.x |
| vercel / next.js | 16.1.0-canary4 | 16.1.0-canary4.x |
| vercel / next.js | 16.1.0-canary5 | 16.1.0-canary5.x |
| vercel / next.js | 16.1.0-canary6 | 16.1.0-canary6.x |
| vercel / next.js | 16.1.0-canary7 | 16.1.0-canary7.x |
| vercel / next.js | 16.1.0-canary8 | 16.1.0-canary8.x |
| vercel / next.js | 16.1.0-canary9 | 16.1.0-canary9.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime