According to the latest observations, the impact of a high-risk vulnerability in the React framework is expanding. To maximize cloud security, Alibaba Cloud is offering users who have not enabled any security protection measures a limited-time free trial of relevant security vulnerability detection and exploit blocking products. This helps protect users during this high-risk period for the vulnerability.
Path to claim free products:Log on to the Alibaba Cloud International Website (www.alibabacloud.com).
On the home page, click Pricing in the navigation bar, select Free Trial, and set Product Categories to Security. Then, click the target product to claim the free quota by following the on-screen instructions.
Since the actual proof of concept (POC) was publicly disclosed on December 5, the Alibaba Cloud Security Team has detected that cybercriminal groups are now leveraging this vulnerability for large-scale exploitation. Attack behaviors primarily include executing commands such as id, whoami, and curl, reading environment variables, and writing trojans for mining.
In recent attack observations, large language model (LLM) application development platforms have become primary targets for malicious actors.
Affected React components:
react-server-dom-parcel 19.0, 19.1.0, 19.1.1, 19.2.0
react-server-dom-turbopack 19.0, 19.1.0, 19.1.1, 19.2.0
react-server-dom-webpack 19.0, 19.1.0, 19.1.1, 19.2.0
Affected Next.js versions:
14.3.0-canary.77 ≤ Next < 15.0.5
15.1.0 ≤ Next < 15.1.9
15.2.0 ≤ Next < 15.2.6
15.3.0 ≤ Next < 15.3.6
15.4.0 ≤ Next < 15.4.8
15.5.0 ≤ Next < 15.5.7
16.0.0 ≤ Next < 16.0.7
Users are strongly advised to conduct immediate self-checks and initiate remediation.
Alibaba Cloud has updated its security product rules to defend against CVE-2025-55182 and CVE-2025-66478 at the host, application, and network layers. We strongly recommend all affected users upgrade immediately to eliminate risk at the source.
Quickly identify whether your cloud assets are exposed to these vulnerabilities and reduce your attack surface.
Free policy 1
• Vulnerability detection. Security Center Free Edition offers detection for the CVE-2025-66478 vulnerability. Furthermore, its agentless detection capability supports offline detection for two vulnerabilities across comprehensive host and image assets, without impacting the online runtime environment. All users are provided with a 500 GB agentless detection scanning resource package, valued at USD 15.
Procedure
Free policy 2
• Intrusion detection. The detection capabilities for four types of alerts related to the exploit behaviors of the CVE-2025-66478 and CVE-2025-55182 vulnerabilities are available for one month in the Free Edition. Users who activate the Free Edition can use these capabilities.
Procedure
Log on to the Security Center console. In the left navigation pane, click Detection and Response and then click Alert. Pay attention to the following four types of alerts: Worm Command, Suspicious Encoded Command, Suspicious Command Execution on Linux, and Abnormal Child Process Created by Web Application. This allows you to confirm whether your assets have been attacked by using this vulnerability.
Notes
• On the Assets > Host page, verify that the status of the Security Center agent on your host assets is indicated by the icon.
• For hosts that are not on Alibaba Cloud, you must first install the Security Center agent. To do this, in the left navigation pane, select System Settings > Feature Settings, click Agent, and then click Installation Command. Select the appropriate installation command and run it on the non-Alibaba Cloud host.
Implement default protection for this vulnerability at the application layer and block the attack path.
Free policy
Alibaba Cloud users who are using this product for the first time are provided with a free trial quota of a 10,000 SeCU resource plan valued at USD 99.
Procedure
Activate the pay-as-you-go edition of WAF 3.0. Then, on the Onboarding page, onboard the assets that require protection, such as domain names and cloud product instances (such as ALB), to WAF for protection.
Notes
Block and protect against this vulnerability at the network layer.
Free Policy
For Alibaba Cloud users who are using this product for the first time, a free trial quota of USD 70 is provided.
Procedure
Activate the pay-as-you-go 2.0 edition of Cloud Firewall. On the Firewall Settings page, onboard the assets that require protection, such as elastic IP addresses (EIPs), to Cloud Firewall for protection. It is recommended that you also enable the Automatic Protection for New Assets feature.
Notes
Note: After your free benefits are used up, if you have no further need for the product, please release the product instances promptly to avoid incurring fees.
Remediation solutions
Check your applications for the affected React components and related frameworks (such as Next.js). If found, it is strongly recommended that you upgrade to a secure version. For example, Next.js framework users run the appropriate upgrade commands based on their current version.
npm install next@15.0.5 # for 15.0.xnpm install next@15.1.9 # for 15.1.xnpm install next@15.2.6 # for 15.2.xnpm install next@15.3.6 # for 15.3.xnpm install next@15.4.8 # for 15.4.xnpm install next@15.5.7 # for 15.5.xnpm install next@16.0.7 # for 16.0.x
If you are using Next.js 14.3.0-canary.77 or a later canary version, we recommend downgrading to a stable version of Next.js 14.
npm install next@14
Users of other frameworks can refer to https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components to perform the relevant checks and upgrades.
Mitigation measures
Use various security products, such as WAF and Cloud Firewall, to block related scans and attacks. (Note: This is only a temporary mitigation. To completely eliminate the vulnerability, please perform the upgrade as described in the Remediation solutions section.)
References
Finally, to reiterate, Alibaba Cloud Security strongly recommends that all affected users immediately upgrade from the vulnerable version to the latest version.
6 posts | 0 followers
FollowCloudSecurity - December 8, 2025
Neel_Shah - April 24, 2025
Alibaba Cloud Big Data and AI - November 4, 2025
Anna cloud communication - November 22, 2024
Alibaba Clouder - July 15, 2019
Hironobu Ohara - June 26, 2023
6 posts | 0 followers
Follow
Security Center
A unified security management system that identifies, analyzes, and notifies you of security threats in real time
Learn More
Security Solution
Alibaba Cloud is committed to safeguarding the cloud security for every business.
Learn More
Data Security on the Cloud Solution
This solution helps you easily build a robust data security framework to safeguard your data assets throughout the data security lifecycle with ensured confidentiality, integrity, and availability of your data.
Learn More
ActionTrail
A service that monitors and records the actions of your Alibaba Cloud account, including the access to and use of Alibaba Cloud services using the Alibaba Cloud Management console, calling API operations, or SDKs.
Learn MoreMore Posts by CloudSecurity
