On December 3, 2025, the React team released a security advisory regarding a vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system.
For a description of this vulnerability, see the public React Security Advisory.
Cisco’s standard practice is to update integrated third-party software components to later versions as they become available.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-react-flight-TYw32Ddb
Security Impact Rating: Critical
CVE: CVE-2025-55182
http://news.poseidon-us.com/TPdmXx
