Yesterday, the Next.js, React, and Vercel teams published joint security advisories for two discovered vulnerabilities, CVE-2025-66478 & CVE-2025-55182 that affected next.js & React Server Components.
Mintlify took immediate action to apply the provided upstream patches and ensure our security and the security of our customers against any exploitation. This work is now complete across the Mintlify dashboard & all production documentation deployments. Please contact security@mintlify.com with any questions.
https://nextjs.org/blog/CVE-2025-66478
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
No components marked as affected
Resolved
Yesterday, the Next.js, React, and Vercel teams published joint security advisories for two discovered vulnerabilities, CVE-2025-66478 & CVE-2025-55182 that affected next.js & React Server Components.
Mintlify took immediate action to apply the provided upstream patches and ensure our security and the security of our customers against any exploitation. This work is now complete across the Mintlify dashboard & all production documentation deployments. Please contact security@mintlify.com with any questions.
https://nextjs.org/blog/CVE-2025-66478
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Monitoring
Earlier today, the Next.js, React, and Vercel teams published joint security advisories for two discovered vulnerabilities, CVE-2025-66478 & CVE-2025-55182 that affected next.js & React Server Components.
Mintlify took immediate action to apply the provided upstream patches and ensure our security and the security of our customers against any exploitation. This work is now complete across the Mintlify dashboard & all production documentation deployments. Please contact security@mintlify.com with any questions.
https://nextjs.org/blog/CVE-2025-66478
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components