This morning, an advisory was released for Next.js about a vulnerability that leads to RCE in default configurations, with no prerequisites. The root cause of this issue lies in React Server Components, which Next.js utilizes. Over the last day, we have noticed an incredible amount of incorrect PoCs floating around on GitHub that do not … Continue reading High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)