MDR Services

Our Managed Detection and Response Services provide continuous monitoring from a team who’ll neutralise any breaches at speed...

Incident Response Services

Gain access to malware experts to quickly contain threats and reduce future exposure to attacks...

Gartner Recognised

Integrity360 has been recognised as a Gartner Representative Vendor.

Download our CyberFire MDR ebook

Many organisations are choosing CyberFire MDR to strengthen their defences. Discover how it can protect your business in our brochure.

The hidden human costs of a cyber attack

Cyber attacks often seem faceless, but hidden behind the headlines of financial loss and technical details there are very real human stories.

The reality of ransomware in 2025: What you need to know

In 2025, we’re witnessing a shift in how ransomware operates, who it targets, and the consequences of falling victim.

Your guide to 2026: Trends and Predictions

Stay ahead of the latest cyber security industry developments, advancements and threats, and understand how you can best protect your organisation.

Cyber security testing services

Do you know what your company’s network vulnerabilities are? Businesses that invest in penetration testing do.

What is PCI? Your most common questions answered

If your business handles credit card data, PCI DSS compliance isn’t optional—it’s critical. From retailers and e-commerce platforms to service providers and financial institutions, securing credit card data is critical to customer trust and preventing fraud.

Weekly Threat roundups

Stay informed with the latest cyber security news with our weekly threat roundups.

The A-Z Glossary of cyber security terms

Confused about cyber security? Our A-Z Glossary of terms can help you navigate this complicated industry.

Read our latest blog

For many small and mid-sized businesses, cyber security can feel overwhelming.

Integrity360 completes SOC 2 certification to strengthen global cyber defence ecosystem

SOC 2 certification reflects Integrity360’s continued investment in strengthening cyber resilience for clients across highly regulated and high-risk industries.

Integrity360 expands further in Africa with Redshift Acquisition

Leading cyber security services business Redshift acquired by Integrity360 expanding the group’s footprint in South Africa

By Integrity360 on December 12, 2025

New HighSeverity Vulnerabilities in React Server Components & Next.js

Breaches, Alerts & Advisories

Following the critical “React2Shell” disclosure earlier this month, three additional vulnerabilities were identified in React Server Components (RSC). These new flaws, carry high severity and widespread impact, requiring immediate developer action. As these new flaws allow an attacker to cause Denial of Service (DoS) or leak server-side source code.

Affected Environments:

Core packages:

react-server-dom-webpack

react-server-dom-parcel

react-server-dom-turbopack

Frameworks/tools using RSC:

Next.js (App Router)

Waku

React Router

Vulnerabilities:

CVE202555184 and CVE202567779: Incomplete Patch → Denial of Service (DoS)

Impact: Crafted HTTP requests targeting App Router or Server Function endpoints cause infinite loops upon deserialization, hanging server processes and blocking future requests.

Severity: High (CVSS 7.5/10).

Details: A patch bypass vulnerability allows exploitation of the earlier DoS vector in patch versions 19.0.2, 19.1.3, and 19.2.2. As well as, a crafted HTTP requests targeting Server Function endpoints cause infinite loops during RSC deserialization, consuming CPU and hanging processes.

CVE202555183: Source Code Exposure

Impact: Specific HTTP requests can trigger Server Functions to return compiled source code of any such functions, potentially revealing business logic and exposing hardcoded secrets.

Severity: Medium (CVSS 5.3/10).

Mitigation and Remediation

Upgrade Immediately to patched versions:

Next.js versions (App Router only):

Release Line	Minimum Patched Version
≥ 13.3	14.2.35
15.0.x	15.0.7
15.1.x	15.1.11
15.2.x	15.2.8
15.3.x	15.3.8
15.4.x	15.4.10
15.5.x	15.5.9
15.x canary	15.6.0-canary.60
16.0.x	16.0.10
16.x canary	16.1.0-canary.19

 Re-patch even if previously updated: for React2Shell: the earlier fix was incomplete, so prior upgrades must be followed by this new update.

 Verify environment hygiene: Ensure secrets are injected via environment variables and not hardcoded in server functions to mitigate source-code leaks.

 Monitor systems for DoS symptoms: infinite loops, stalled endpoints.

 Audit network activity: Look for unusual HTTP requests to App Router endpoints.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.

Logo_White

Download our 2026 cyber security trends and predictions guide now!

Download guide

Integrity360-Trends-and-Predictions-2026-stack

IS_Master Logo_White

Talk to an expert

IS_Master Logo_White

ISO 2025 3 logos v2

Talk to an expert

© 2025 Integrity360, All rights reserved