CVE-2025-66478 | vercel Next.js React Flight Protocol deserialization

Inserito da Angelo Barbosa | Dic 3, 2025 | CVE

A vulnerability has been found in vercel Next.js and classified as critical. This issue affects some unknown processing of the component React Flight Protocol Handler. Performing manipulation results in deserialization.

This vulnerability is cataloged as CVE-2025-66478. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.

CVE-2025-66478 | vercel Next.js React Flight Protocol deserialization

Post correlati

CVE-2024-24567 | Vyper raw_call value Privilege Escalation

VDB-293907 | pankajindevops scale up to 20241113 API Endpoint access control

CVE-2025-63528 | Blood Bank Management System 1.0 blooddinfo.php Error cross site scripting

CVE-2025-55108 | BMC Control-M/Agent 9.0.18/9.0.19/9.0.20/9.0.21/9.0.22 missing authentication