Hello,
This repository contains a critical remote code execution (RCE) vulnerability (https://nextjs.org/blog/CVE-2025-66478, CVSS 10.0) affecting React Server Components.
Required Actions
Immediate Remediation
Update to patched versions:
For Next packages:
json
{
"next": "15.3.6",
}
Sharing this for awareness. Thank you.
Hello,
This repository contains a critical remote code execution (RCE) vulnerability (https://nextjs.org/blog/CVE-2025-66478, CVSS 10.0) affecting React Server Components.
Required Actions
Immediate Remediation
Update to patched versions:
For Next packages:
json
{
"next": "15.3.6",
}
Sharing this for awareness. Thank you.