Recently, the React team at Meta disclosed a critical remote code execution vulnerability (CVE-2025-55182) in React Server Components (RSC). RSC is a core feature that enables developers to render components directly on the server and send the results to the client, thereby enhancing performance and user experience. This technology is now widely adopted by major frameworks such as Next.js, Shopify Hydrogen, and Gatsby 5, and is commonly used across various domains including e-commerce platforms, SaaS services, and content-driven websites.
Based on monitoring data from the FOFA asset mapping platform, the Ruijie Security team has identified over 7.66 million assets built on Next.js. This indicates that more than 2 million servers may be exposed to potential security risks. What makes the situation particularly severe is that the exploitation success rate for this vulnerability is exceptionally high (close to 100%), allowing attackers to reliably achieve full remote code execution and posing a serious threat to system security.

Vulnerability ID: CVE-2025-55182
Type: Remote Code Execution (RCE)
Severity: High / Critical
Scope: Affects frameworks and libraries using React Server Components, such as Next.js, etc.
Disclosure Date: December 3, 2025
CVSS Score: 10.0 (the highest score on the 1-10 scale)
PoC Status: Publicly available
Three Major Potential Results:
1. Data Breach: Theft of user-sensitive information and corporate core data.
2. Website Defacement: Homepage hijacking, hidden link injection, leading to brand reputation damage.
3. Server Compromise: Systems become a launchpad for further attacks and a starting point for internal network penetration.

Ruijie Network Z-Series Firewalls accurately filter malicious traffic carrying the CVE-2025-55182 attack signature at the network perimeter. By adopting a detection philosophy that combines generic vulnerability detection with specific exploit identification, they achieve precise blocking and mitigation of both unknown and known vulnerabilities. For web application security, through in-depth parsing of HTTP request packets, the firewalls precisely identify high-risk parameters (such as calls to child_process.execSync) and maliciously crafted content, thereby reinforcing a multi-layered defense barrier at the web tier.
Action Recommendations:
- Upgrade the firewall's IPS engine to version v20251208.1421.
- Verify whether rules 13240144, 13240145, and 13240146 are included in the rule base. After automatic updates are enabled in the System > Signature Update module, the signature database updates automatically over the internet and keeps the entire network fully protected.
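
The request-body inspection described above (flagging high-risk parameters such as calls to child_process.execSync), sketched as an added example for triaging logged request bodies; it is not Ruijie's rule logic or code from the original page. The token list beyond child_process.execSync, the record shape (id, src, body) and the sample bodies are assumptions constructed for illustration.

```javascript
// Added example: token list, record shape and sample bodies are assumptions.
// Only child_process.execSync is named on the page; the rest are sibling
// Node.js child_process APIs included for illustration.
const HIGH_RISK = [
  { name: 'child_process', re: /\bchild_process\b/ },
  { name: 'execSync', re: /\bexecSync\b/ },
  { name: 'execFileSync', re: /\bexecFileSync\b/ },
  { name: 'spawnSync', re: /\bspawnSync\b/ },
];

const fromHex = (_, h) => String.fromCharCode(parseInt(h, 16));
// Undo percent-encoding and \uXXXX / \xXX escapes, repeating a bounded
// number of rounds so nested encodings (e.g. %255F) are also unwrapped.
function normalize(body) {
  let s = String(body);
  for (let round = 0; round < 3; round++) {
    const next = s
      .replace(/%([0-9a-fA-F]{2})/g, fromHex)
      .replace(/\\u([0-9a-fA-F]{4})/g, fromHex)
      .replace(/\\x([0-9a-fA-F]{2})/g, fromHex);
    if (next === s) break;
    s = next;
  }
  return s;
}

// Names of the high-risk tokens present in one request body.
function scanBody(body) {
  const text = normalize(body);
  return HIGH_RISK.filter((t) => t.re.test(text)).map((t) => t.name);
}

// Reduce a batch of logged requests to the ones that need review.
function triage(requests) {
  return requests
    .map((r) => ({ id: r.id, src: r.src, hits: scanBody(r.body) }))
    .filter((r) => r.hits.length > 0);
}

// Constructed sample records (documentation IP ranges, inert bodies).
const SAMPLE = [
  { id: 1, src: '198.51.100.7', body: '{"note":"child care process update"}' },
  { id: 2, src: '203.0.113.9', body: 'f=child_process.execSync' },
  { id: 3, src: '203.0.113.9', body: 'f=child%5Fprocess%2EexecSync' },
  { id: 4, src: '203.0.113.10', body: 'f=\\u0063hild_process.exec\\x53ync' },
  { id: 5, src: '203.0.113.11', body: 'f=child%255Fprocess' },
];
console.log(triage(SAMPLE));
```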

Based on the above analysis, Ruijie Firewall's core protection strengths against React CVE-2025-55182, a critical flaw with the maximum CVSS score, can be summarized as three key characteristics: Fast, Comprehensive, and Simple.
- Fast Response: Within 24 hours of the vulnerability being disclosed, Ruijie completed the extraction of attack signatures and synchronized the protection rules, enabling users to activate effective defense immediately.
- Comprehensive Coverage: Provides targeted protection rules that are ready to use upon activation, requiring no complex configuration.
- Simple Deployment: Even if system patch upgrades are not yet completed, users can quickly establish a security buffer zone by enabling the rules with just one click.