Detections
Analytics
Node.js React Server Components Denial of Service and Source Code Exposure (CVE-2025-55183, CVE-2025-55184)
medium Nessus Plugin ID 278531
Language:
Synopsis
Multiple Node.js React Server Components packages are affected by denial of service and source code exposure vulnerabilities.Description
Multiple Node.js React Server Components packages are affected by denial of service and source code exposure vulnerabilities. The following Node.js packages and versions are affected:- react-server-dom-webpack 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, 19.2.1
- react-server-dom-parcel 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, 19.2.1
- react-server-dom-turbopack 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, 19.2.1
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to a fixed version of the affected package.See Also
Plugin Details
Severity: Medium
ID: 278531
File Name: nodejs_react_server_components_CVE-2025-55183_CVE-2025-55184.nasl
Version: 1.3
Type: local
Agent: windows, macosx, unix
Family: Misc.
Published: 12/12/2025
Updated: 2/24/2026
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2025-55184
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2025-55183
Vulnerability Information
CPE: cpe:/a:facebook:react
Required KB Items: Host/nodejs/modules/enumerated
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/11/2025
Vulnerability Publication Date: 12/11/2025
Reference Information
CVE: CVE-2025-55183, CVE-2025-55184
IAVA: 2025-A-0928