React vulnerability (CVE-2025-66478): How we responded and what you should do
A critical React SSR vulnerability (CVE-2025-66478, CVSS 10.0) allows remote code execution. We have swiftly patched all active React/Next.js client projects. Users must apply the official fix immediately.
Read full article