CVE-2025-55182: Critical Remote Code Execution Vulnerability in React 19 & Next.js (CVSS 10.0)

A critical remote code execution (RCE) vulnerability tracked as CVE-2025-55182 was disclosed on November 29, 2025, affecting all versions of React 19 prior to the December 2025 patches and popular frameworks that use React Server…