Critical vulnerability fixed in React
A critical security vulnerability (CVE-2025-55182) has been discovered in the React. A malicious actor could exploit this vulnerability to trigger remote code execution on an affected system. The security vulnerability affects versions 19.0, 19.1.0, 19.1.1, and 19.2.0, and it has been patched with the release of versions 19.0.1, 19.1.2, and 19.2.1.
More information on vulnerability and updates is available on – react.dev.
10 December 2025