Logo
Contribute
Go To App

AIKIDO-2025-10868

react-server-dom-turbopack is vulnerable to Remote Code Execution (RCE)

100

Critical

react-server-dom-turbopack JS

AIKIDO-2025-10868: react-server-dom-turbopack is vulnerable to Remote Code Execution (RCE) in versions 19.0.0 - 19.0.0, 19.1.0 - 19.1.1 and 19.2.0 - 19.2.0.

Remote Code Execution (RCE)
Vuln in 19.0.0 - 19.0.0
Fixed in 19.0.1
Vuln in 19.1.0 - 19.1.1
Fixed in 19.1.2
Vuln in 19.2.0 - 19.2.0
Fixed in 19.2.1
CVE-2025-55182
TL;DR

Who does this affect?

How can it be fixed?

Background info

Link to vendor website

Our intel, your security

open-source

Open-source

Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.

share

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get Access
aikido

Get protected by Aikido- it's free.

Easily secure your software supply chain, and more. Secure your your code, cloud, and runtime with Aikido’s all-in-one security platform.

Get Secure

Secure everything you build, host and run with Aikido

Get Secure
Logo
© 2025 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.