
@tusharpandey13 tusharpandey13 commented Dec 12, 2025

Premise

On December 11, 2025, Next.js disclosed two security vulnerabilities affecting applications using React Server Components with the App Router:

  1. CVE-2025-55184 / CVE-2025-67779 (High Severity) - Denial of Service via infinite loop
  2. CVE-2025-55183 (Medium Severity) - Source code exposure in Server Functions

These vulnerabilities originate in the upstream React RSC protocol implementation. While neither allows Remote Code Execution, upgrading to patched versions is required.

Changes

Changed examples/next-app/package.json:

| Package | Before | After |
| --- | --- | --- |
| next | 15.4.8 | 15.4.10 |

References

@tusharpandey13 tusharpandey13 requested a review from a team as a code owner December 12, 2025 06:12
@tusharpandey13 tusharpandey13 changed the title security: bump next versions in deps of example; ref: https://nextjs.org/blog/security-update-2025-12-11; fixes CVE-2025-55183, CVE-2025-55184/CVE-2025-67779 Security: Update Next.js dependency for CVE-2025-55184 and CVE-2025-55183 Dec 12, 2025
@gyaneshgouraw-okta gyaneshgouraw-okta changed the title Security: Update Next.js dependency for CVE-2025-55184 and CVE-2025-55183 Security: Example app update Next.js dependency for CVE-2025-55184 and CVE-2025-55183 Dec 12, 2025
@gyaneshgouraw-okta gyaneshgouraw-okta merged commit 22b24c6 into main Dec 12, 2025
18 checks passed
@gyaneshgouraw-okta gyaneshgouraw-okta deleted the security/CVE-2025-55184/CVE-2025-67779-CVE-2025-55183 branch December 12, 2025 07:12