React Server Components Denial of Service and Source Code Exposure

HIGH (7.5)

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 10%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

React Server Components is a server-side rendering solution for React applications. It allows developers to render components on the server, which can improve performance and SEO. However, this vulnerability affects the way React Server Components handles deserialization of payloads from HTTP requests, leading to an infinite loop that can hang the server process and prevent future HTTP requests from being served.

Am I affected?

You're affected if you use It was found that the fix addressing CVE-2025-55184. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Packages

- maven: org.reactjs-community/react-server-dom-webpack
- npm: react-server-dom-webpack

How to fix

Upgrade to React Server Components version 19.0.3, 19.1.4, or 19.2.3 immediately.
Maven: Update the version of the org.reactjs-community/react-server-dom-webpack dependency in your pom.xml.
If you can't upgrade immediately:
- Set process.env.NODE_ENV to 'production' as a JVM flag
- Remove the react-server-dom-webpack package from your project
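
To check a project against the fixed releases listed above, this added example (not code from the advisory or the React project) scans a parsed package-lock.json for copies of react-server-dom-webpack older than 19.0.3, 19.1.4 or 19.2.3. It assumes lockfileVersion 2 or 3 and reports versions outside those three release lines as unknown, since the affected range is not stated here; the function names and the sample lockfile are constructed.

```javascript
// Added example: flag react-server-dom-webpack entries in a parsed
// package-lock.json (lockfileVersion 2/3) that are older than the fixed
// releases named on this page. Not code from the advisory or from React.
const PKG = "react-server-dom-webpack";
// Fixed releases listed under "How to fix", keyed by major.minor line.
const FIXED = { "19.0": [19, 0, 3], "19.1": [19, 1, 4], "19.2": [19, 2, 3] };

// Parse "19.1.2" or "19.1.2-canary.1" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Returns "needs-upgrade", "fixed" or "unknown" for one version string.
// ASSUMPTION: only the three release lines above are classified; the page
// does not state the affected range, so anything else is "unknown".
function classify(version) {
  const p = parseVersion(version);
  if (!p) return "unknown";
  const fixed = FIXED[`${p.nums[0]}.${p.nums[1]}`];
  if (!fixed) return "unknown";
  // A prerelease of the fixed patch (e.g. 19.0.3-rc.1) sorts before it.
  if (p.nums[2] < fixed[2] || (p.nums[2] === fixed[2] && p.pre)) return "needs-upgrade";
  return "fixed";
}

// Walk the lockfile "packages" map, including nested node_modules copies.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (name !== PKG || !meta.version) continue;
    findings.push({ path, version: meta.version, status: classify(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile; in practice pass JSON.parse of package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/react-server-dom-webpack": { version: "19.1.2" },
    "node_modules/some-framework/node_modules/react-server-dom-webpack": { version: "19.2.3" },
    "node_modules/legacy/node_modules/react-server-dom-webpack": { version: "18.3.0-canary" },
  },
};
console.log(auditLockfile(sampleLock));
```

Nested copies matter because a framework can bundle its own version of the package, so upgrading only the top-level dependency may leave an older copy installed.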