Our review shows the affected React packages are present only in non-production amazee.io resources.
Posted Dec 15, 2025 - 16:50 UTC
Update
We are continuing to monitor for any further issues.
Posted Dec 05, 2025 - 07:23 UTC
Monitoring
Summary
We are aware of CVE-2025-55182, a critical vulnerability impacting certain versions of React Server Components and Next.js. Our priority is to protect customer workloads while upstream patches are applied.
What we've done
For customers using the Advanced WAF solution provided by amazee.io, we have enabled virtual patching in blocking mode to mitigate exploit attempts while application upgrades proceed. At this time, there is no mitigation available at the CDN layer.
Customer action
If your applications use affected React packages or frameworks (for example, Next.js 15.x or 16.x App Router), upgrade to patched versions as soon as possible per vendor guidance.
* Continue standard secure development practices and monitor your application logs for anomalies. * Virtual patches reduce risk, but code upgrades remain the definitive fix.
Support
If you have questions about exposure, upgrade paths, or rule coverage, contact our support team through your standard channel.
Our Commitment
Security is central to our mission. We continuously work to strengthen protections, reduce risk, and keep our customers informed.