We found that the fix to address the DoS vulnerability in React Server Components (CVE-2025-55184) was incomplete and does not prevent an attack in a specific case. This is disclosed as CVE-2025-67779. New patches are available now, please update immediately.

These vulnerabilities are present in the patches published last week for React2Shell. Even though they do not allow for Remote Code Execution they are high severity and you should update (again) immediately. https://t.co/0VDQ5HXIcS

This pattern shows up across the industry. For example, after Log4Shell, additional CVEs were reported as the community examined the original fix. Additional disclosures can be frustrating, but they are generally a sign of a healthy response cycle.

Purify wealth Protect families

It’s common for critical CVEs to uncover follow‑up vulnerabilities. When a critical vulnerability is disclosed, researchers scrutinize adjacent code paths looking for variant exploit techniques to test whether the initial mitigation can be bypassed.

We disclosed two new RSC vulnerabilities: - Denial of Service (High): CVE-2025-55184 - Source Code Exposure (Medium): CVE-2025-55183 Patches are available now, please update immediately. https://t.co/0VDQ5HYg2q

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week. These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.

There is critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it. A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. https://t.co/kue7kd0XEX

React Conf 2025 is a wrap! Check out the recap:

Join the Discord to chat with fellow attendees and submit your questions for speakers to answer on the livestream:

Watch the livestream at https://t.co/2vuO1b3daD or YouTube

React Conf Day 2 is starting now!

Read more here:

Introducing the React Foundation

Join the Discord to chat with fellow attendees and submit your questions for speakers to answer on the livestream:

Watch the livestream at https://t.co/2vuO1b3daD or YouTube

React Conf is starting now!

We are excited to announce @infinite_red @OldMissionHQ @arcjethq @RenderATL as React Conf silver sponsors this year!

Learn about how to build better video into websites, platforms, AI workflows, and more here:

We are excited to announce @MuxHQ as the React Conf livestream sponsor this year!

Learn more about the React framework for Cloudflare here: