
Critical Vulnerability in React Framework: An Alibaba Cloud Quick Protection Guide

This article introduces Alibaba Cloud's protection guidelines and security recommendations for two Critical security vulnerabilities, CVE-2025-55182 and CVE-2025-66478.

Recently, the core React team at Meta and the Next.js team at Vercel jointly announced two Critical security vulnerabilities: CVE-2025-55182 (React) and CVE-2025-66478 (Next.js). Both carry the maximum CVSS score of 10. Under certain conditions, an attacker can exploit them to execute arbitrary code. Furthermore, Alibaba Cloud Security has observed that well-known hacking tools have already released modules leveraging these vulnerabilities.
Frameworks like React and Next.js are top choices for many developers, with millions of websites and applications built on them. Attackers can exploit these vulnerabilities to compromise servers, which could lead to irreversible business losses. Therefore, Alibaba Cloud Security strongly advises all affected customers to remediate these vulnerabilities immediately.

Vulnerability Details
React Server Components (RSC), a new component type introduced in React 19, are widely used for server-side rendering in frameworks like Next.js. The vulnerability, CVE-2025-55182, arises from a lack of validation when parsing client-submitted forms. This allows an attacker to craft a malicious request, invoke internal modules, and ultimately achieve unauthorized code execution. Because Next.js 15.x and 16.x ship the affected React Server Components packages, they are also vulnerable; the corresponding CVE for Next.js is CVE-2025-66478.

Scope of Impact
For the React component, the affected versions are as follows:
react-server-dom-parcel 19.0, 19.1.0, 19.1.1, 19.2.0
react-server-dom-turbopack 19.0, 19.1.0, 19.1.1, 19.2.0
react-server-dom-webpack 19.0, 19.1.0, 19.1.1, 19.2.0

For Next.js, the affected versions are as follows:
14.3.0-canary.77 <= Next < 15.0.5
15.1.0 <= Next < 15.1.9
15.2.0 <= Next < 15.2.6
15.3.0 <= Next < 15.3.6
15.4.0 <= Next < 15.4.8
15.5.0 <= Next < 15.5.7
16.0.0 <= Next < 16.0.7

Alibaba Cloud Quick Remediation Guide

Three-Layer Coordinated Defense
In response to CVE-2025-55182 and CVE-2025-66478, Alibaba Cloud has acted swiftly to update the rules across its security products. This enables a comprehensive defense that includes vulnerability scanning at the host layer, as well as protection and blocking at the application and network layers. Alibaba Cloud Security advises users of the React and Next.js frameworks to take immediate security measures to mitigate these vulnerabilities.

Security Center: Host-Layer Vulnerability Scanning and Detection

Once customers enable Security Center, they can use "Vulnerabilities - Application Vulnerability" or "Host Protection - Agentless Detection" to scan their ECS hosts for this vulnerability. The agentless detection feature supports security risk assessments for ECS instances without needing to install a client, and has a negligible impact on server performance.
Customers can also use the Container Image Scan feature to scan their container images for this vulnerability. Container Image Scan offers comprehensive security detection and management capabilities, helping you quickly identify high-risk system vulnerabilities, application vulnerabilities, malicious samples, and configuration risks in your images.
If this vulnerability is detected, we recommend using Web Application Firewall and Cloud Firewall to block attacks, while also upgrading your application components as soon as possible.
You can follow these steps for detection and defense:

  1. Enable application vulnerability scanning with one click by navigating to [Security Center → Risk Governance → Vulnerabilities]. This will initiate a scan for application vulnerabilities on all hosts managed by Security Center. (Note: Detection and identification of CVE-2025-66478 via software composition analysis and remote scanning are already supported).
  2. Enable agentless vulnerability scanning with one click by navigating to [Security Center → Host Protection → Agentless Detection]. This will initiate an agentless scan on your Alibaba Cloud hosts. (Note: Detection of both CVE-2025-66478 and CVE-2025-55182 is supported through software composition analysis.)
  3. You can also enable one-click container image vulnerability scanning by navigating to [Security Center → Container Protection → Container Image Scan]. (Note: We now support software composition analysis to detect vulnerabilities CVE-2025-66478 and CVE-2025-55182.)

Web Application Firewall: One-Click Blocking at the Application Layer

Alibaba Cloud Web Application Firewall (WAF) has published protection rules for vulnerabilities CVE-2025-55182 and CVE-2025-66478. If you have auto-update enabled for the core web protection rule detection engine, WAF will protect you against these vulnerabilities by default.
If you have not enabled auto-update, you can follow these steps to enable detection and defense:

  1. If you are using the new core web protection rules in Web Application Firewall 3.0, manually enable rule 901017 and set its action to Block.
  2. If you are using the legacy core web protection rules in Web Application Firewall 3.0 or are using Web Application Firewall 2.0, you need to add rule 901017 to the active rule group and set its action to Block.


Cloud Firewall: Fast Blocking at the Network Layer

Cloud Firewall has published protection rules for vulnerabilities CVE-2025-55182 and CVE-2025-66478. If your protection engine is set to Block Mode, Cloud Firewall will automatically block these threats by default.
You can follow these steps to set up detection and defense:

  1. You can find this protection rule (ID: 41000485) in the IPS Configuration section, under the Virtual Patching module for either the Internet Border or VPC Border.
  2. We also recommend enabling automatic protection for new assets. This will automatically apply Cloud Firewall protection to new internet-exposed assets to defend against these vulnerabilities.

Managed Security Service: Dedicated Support from Security Experts

For customers who have purchased Alibaba Cloud's Managed Security Service (MSS), we offer the following support:
● Asset Identification: Automatically discover application assets that use affected versions of React or Next.js.
● Remediation Guidance: Provide prompt and precise upgrade recommendations and temporary mitigation measures, such as custom WAF rules.
● Proactive Defense: Integrate with WAF and Cloud Firewall to automatically deploy virtual patches and block attacks in real-time.
● Continuous Monitoring: Provide 24/7 security monitoring to promptly detect and assess potential threats.
● Emergency Response: Quickly intervene in security incidents, assisting with root cause analysis and immediate remediation.
● Post-Incident Hardening: Deliver a risk assessment report to help you improve your overall cloud security posture.

Alibaba Cloud Security Recommendations

1. Remediation: Check your applications to see if they use affected React components or related frameworks (such as Next.js). If they do, we strongly recommend upgrading to a secure version. For example, Next.js users should run the appropriate upgrade command for their current version.
npm install next@15.0.5 # for 15.0.x
npm install next@15.1.9 # for 15.1.x
npm install next@15.2.6 # for 15.2.x
npm install next@15.3.6 # for 15.3.x
npm install next@15.4.8 # for 15.4.x
npm install next@15.5.7 # for 15.5.x
npm install next@16.0.7 # for 16.0.x
If you are using a canary version of Next.js, such as 14.3.0-canary.77 or later, we recommend downgrading to the stable Next.js 14 version.
npm install next@14
Users of other frameworks can refer to https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components for instructions on scanning and upgrading.

2. Mitigation: Use security products like WAF and Cloud Firewall to block related scans and attacks. (Note: This is only a mitigation measure. To fully resolve the vulnerability, please follow the remediation plan and upgrade your systems.)

References
  1. https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
  2. https://nextjs.org/blog/CVE-2025-66478
  3. https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
  4. https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r
  5. https://avd.aliyun.com/detail?id=AVD-2025-66478
  6. https://avd.aliyun.com/detail?id=AVD-2025-55182