Critical CVSS 10.0 Vulnerability in React & Next.js Requires Immediate Patch

Severity: High (Score: 62.9)

Sources: Gist.Github, Youtube

Summary

A critical vulnerability with a CVSS score of 10.0 has been identified in React Server Components, specifically affecting the Flight protocol. The flaw allows unauthenticated attackers to achieve remote code execution, impacting applications built with React and Next.js. Users are urged to apply patches immediately to mitigate potential exploitation.

Key Entities

  • Remote Code Execution (attack_type)
  • CVE-2025-66478 (cve)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1203 - Exploitation for Client Execution (mitre_attack)
  • Flight Protocol (platform)
  • Next.js (platform)
  • React (platform)