Blog Security Research CVE-2025-55183 and CVE-2025-55184: Mitigating React/Next.js Vulnerabilities Executive summary We have been notified by our partners about a couple of newly disclosed vulnerabilities that are affecting multiple React-based frameworks. Akamai has deployed Akamai Adaptive Security Engine Rapid Rules to protect our customers from these threats. For Guardicore customers subscribed to Akamai Hunt, Akamai has searched for and identified relevant vulnerable assets in customer environments and provided recommendations to protect those assets. Vulnerability details Two new vulnerabilities have been found in React Server Component (RSC) frameworks: CVE-2025-55183 — Information disclosure : Attackers can coerce arguments in server functions to leak server-only source code if input isn’t properly validated. CVE-2025-55184 — Function-level denial of service (DoS) : Specially crafted payloads can freeze Node.js servers by creating infinite promise recursion, and take affected servers offline.…