Skip to content

Pin next to 15.0.5 for CVE-2025-66478#52

Merged
murderteeth merged 1 commit intomainfrom
CVE-2025-66478
Dec 3, 2025
Merged

Pin next to 15.0.5 for CVE-2025-66478#52
murderteeth merged 1 commit intomainfrom
CVE-2025-66478

Conversation

@murderteeth
Copy link
Contributor

@murderteeth murderteeth commented Dec 3, 2025

CVE-2025-66478 is a critical (CVSS 10.0) remote code execution vulnerability in React Server Components affecting Next.js 15.x.

This repository is NOT affected because:

  • All packages use Pages Router (not App Router)
  • React 18.3.1 is used (only React 19.x is vulnerable)
  • No Server Components or Server Actions are present

Upgrading to the patched version anyway as a security best practice.

🤖 Generated with Claude Code

@murderteeth @claude
Pin next to 15.0.5 for CVE-2025-66478
fd38dbe 
CVE-2025-66478 is a critical (CVSS 10.0) remote code execution
vulnerability in React Server Components affecting Next.js 15.x.

This repository is NOT affected because:
- All packages use Pages Router (not App Router)
- React 18.3.1 is used (only React 19.x is vulnerable)
- No Server Components or Server Actions are present

Upgrading to the patched version anyway as a security best practice.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@vercel
Copy link

vercel bot commented Dec 3, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
yearn_x_aerodrome Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn_x_ajna Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn_x_curve Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn_x_optimism Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn_x_pendle Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn_x_pooltogether Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn_x_velodrome Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn-x-katana Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn-x-morpho Ready Ready Preview Comment Dec 3, 2025 8:00pm
yearn.space Ready Ready Preview Comment Dec 3, 2025 8:00pm

@murderteeth murderteeth merged commit 82532aa into main Dec 3, 2025
18 checks passed
@murderteeth murderteeth deleted the CVE-2025-66478 branch December 3, 2025 21:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rossgalloway rossgalloway rossgalloway approved these changes

@w84april w84april Awaiting requested review from w84april

@0xeye 0xeye Awaiting requested review from 0xeye

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@murderteeth @rossgalloway