Update December 5th, 2025
Z-CERT has issued an Operational Alert regarding the critical vulnerability in React and Next.js. We reiterate our strong advice to perform an upgrade immediately.
On December 3rd, Z-CERT warned all affiliated healthcare organizations about a critical vulnerability in React. We urge all healthcare organizations using this software to immediately follow the advice below.
React is a development library widely used in healthcare for building user interfaces of web applications, such as web forms. It is also often part of larger development frameworks, such as Next.js.
The severe vulnerability in Next.js is identified by CVE-2025-66478. The vulnerability with the identifier CVE-2025-558182 affects React versions 19.0, 19.1.0, 19.1.1, and 19.2.0.
If your organization uses these packages, we strongly advise you to upgrade immediately. The vulnerability has been resolved in versions 19.0.1, 19.1.2, and 19.2.1.
Your application is not vulnerable to this issue if:
To use a web application, data is retrieved from a server connected to the internet. The critical vulnerability in React can be exploited to gain access to servers running this development software.
Attackers could exploit this vulnerability to execute malicious JavaScript code on the affected server. As a result, an attacker may be able to view all data on the server or gain control over the server where the vulnerable software is running.