CVE-2025-67779: (CWE-502) Deserialization of Untrusted Data, (CWE-400) Uncontrolled Resource Consumption in Meta react-server-dom-parcel
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.
CVE-2025-67779: (CWE-502) Deserialization of Untrusted Data, (CWE-400) Uncontrolled Resource Consumption in Meta react-server-dom-parcel
Description
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Meta
- Date Reserved
- 2025-12-11T22:58:08.827Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 693b579d8a7c12acf2c1d539
Added to database: 12/11/2025, 11:45:33 PM
Last updated: 12/11/2025, 11:45:38 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-67780: CWE-306 Missing Authentication for Critical Function in SpaceX Starlink Dish
MediumCVE-2025-66452: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in danny-avila LibreChat
MediumCVE-2025-66451: CWE-20: Improper Input Validation in danny-avila LibreChat
MediumCVE-2025-66588: CWE-824 Access of Uninitialized Pointer in AzeoTech DAQFactory
HighCVE-2025-66587: CWE-122 Heap-based Buffer Overflow in AzeoTech DAQFactory
HighActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.