CVE-2025-55182 is overhyped

CVE-2025-55182 is a 10.0 CRITICAL vulnerability, though it's not as easy to exploit in the real bug bounty world due to the complexity of finding a vulnerable target and endpoint.

Changelog: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Commits (scroll down to Dec 1): https://github.com/facebook/react/compare/v19.2.1...main

POC:
https://github.com/ejpir/CVE-2025-55182-poc
https://github.com/sickwell/CVE-2025-55182