09.12.2025 - React Server Components vulnerability December 09, 2025 12:46 Updated BOC is aware of the recent React Server Components Remote Code Execution vulnerability (CVE-2025-55182), which impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages: react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack It also affects Next.js using App Router. It impacts versions >=14.3.0-canary.77, >=15, and >=16.Following an internal review, BOC confirms that our software products and SaaS offerings do not include any of the NPM packages currently identified as compromised in connection with the React Server Components. At this time, there is no evidence that our products, build systems, or customer environments operated by BOC have been affected by this vulnerability. As a precaution and in line with industry best practices for software supply chain security, we have implemented additional measures, including validating and continuously monitoring our Software Bill of Materials (SBOMs) against known impacted packages and re-verifying the integrity of our build pipelines. These actions supplement our ongoing security program, which includes continuous dependency monitoring, vulnerability management, and secure development lifecycle practices aligned with current supply chain guidance. We are committed to maintaining a strong security posture and communicating transparently about developments in the software supply chain landscape. Related articles How does the BOC ensure the security of my product data stored in the BOC Cloud (SaaS)? How to download a Support Information Package (SIP)? Allowlisting - Public IP and private IP addresses Manual user administration How do I place a support request?