On December 3, 2025, React published a security advisory regarding vulnerability CVE-2025-55182 affecting React Server Components, which allows an unauthenticated attacker to cause remote arbitrary code execution.

Please note that Horizon and Stream software are not affected by this vulnerability, as EverTrust's solutions (Horizon & Stream) are not powered up neither React nor Next.js.