Home / Security updates / Security Update: React Server Components Vulnerability - CVE-2025-55182
Security Update: React Server Components Vulnerability - CVE-2025-55182
Security updates detail rendered from /security-updates/upd_e5014963800ab399.
Overview
| ID | upd_e5014963800ab399 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Metadata |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_e5014963800ab399 |
| providerId | safebase |
| organizationId | org_e8591f0c206cf8ca |
| trustCenterId | tc_f1e01aca376724fe |
| title | Security Update: React Server Components Vulnerability - CVE-2025-55182 |
| message | On December 3, 2025, the React team announced a critical vulnerability affecting specific React Server Components packages. The issue, identified as CVE-2025-55182, relates to unsafe payload deserialization in environments using React Server Components on the server side. Assessment Metadata systems were not impacted. Our engineering and security teams reviewed all applications and dependencies to verify whether any part of our environment used the affected React Server Components stack. The results confirmed that: - None of the vulnerable packages associated with CVE-2025-55182 were present. - Our applications run as client-side single-page applications and do not use React Server Components or any framework, bundler, or plugin that implements RSC functionality. - Our routing stack uses TanStack Router rather than React Router, and our build tooling uses Vite with the standard React plugin, not the RSC-enabled plugin. - No server-side React infrastructure exists in our environment, |
| url | - |
| publishedAt | 2025-12-10 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "incidents"
} |
| company | {
"id": "org_e8591f0c206cf8ca",
"name": "Metadata",
"domains": [
"trust.metadata.io",
"metadata.io"
]
} |
| trust_center | {
"id": "tc_f1e01aca376724fe",
"name": "Metadata",
"url": "https://trust.metadata.io",
"host": "trust.metadata.io"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_e5014963800ab399",
"company": "/v1/companies/org_e8591f0c206cf8ca",
"trust_center": "/v1/trust-centers/tc_f1e01aca376724fe",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_e5014963800ab399JSON