December 5, 2025

CVE-2025-5182: What it means for Australian Businesses

CVE-2025-5182: Why Australian Businesses Must Act Now

A critical vulnerability, CVE-2025-5182, has been disclosed, impacting web applications that rely on popular frameworks like React.js and Next.js. Rated 10 out of 10 (the worst possible score), the flaw allows unauthenticated remote code execution through insecure deserialization in React Server Components and the Next.js App Router. Exploitation requires nothing more than a crafted HTTP request, making it alarmingly simple for attackers to compromise servers.

Are Australian businesses impacted?

React and Next.js power a significant portion of modern web applications. Recent market data shows:

  • React.js is used by over 1.3 million websites globally, with strong adoption in Australia.
  • Next.js accounts for 2.6% of Australian web servers, ranking among the top five technologies in the country’s web infrastructure.
  • Security researchers estimate 39% of cloud environments include vulnerable instances of React or Next.js. [bleepingcomputer.com]

A quick search through Shodan this morning reveals that there are currently around 3800 sites and businesses using a component of React in their web application services. I am unsure how many of these are running the vulnerable version, but we should assume that 10% of these, if not more, are impacted and vulnerable.

Australian Businesses impacted by CVE-2025-5182

Australian businesses using these libraries and plugins are at high risk if they haven’t patched their systems.

So what about my SaaS/PaaS environment?

Here is where it gets more complicated: running in a SaaS/PaaS environment does not mean you are safe, and it may complicate the situation. You are effectively relying on your vendors to do their job; while in most cases large application vendors do, smaller providers may not monitor or patch their applications effectively.

Immediate Actions

  • Audit your infrastructure for any vulnerable components and apply fixes without delay.
  • Update React.js to versions 19.0.1, 19.1.2, or 19.2.1.
  • Update Next.js to patched releases: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, or 16.0.7.
  • Contact your SaaS vendors immediately and ensure that any SaaS/PaaS applications you are using are effectively patched if impacted.
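As an added example (not from the original post), a small Node.js audit script that walks a package-lock.json and compares each installed copy of react and next, nested duplicates included, against the patched releases listed above; the sample lockfile is constructed, and release lines the list does not cover are reported as unknown rather than assumed safe.

```javascript
// Added example, not code from the original post. Patched releases as listed in
// the post; release lines not listed here are classified 'unknown', not 'patched'.
const PATCHED = {
  react: ['19.0.1', '19.1.2', '19.2.1'],
  next: ['15.0.5', '15.1.9', '15.2.6', '15.3.6', '15.4.8', '15.5.7', '16.0.7'],
};

// Parse "MAJOR.MINOR.PATCH"; anything with a pre-release suffix (e.g. "-canary.3") is flagged.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: v.includes('-') };
}

// Classify an installed version as 'patched', 'vulnerable' or 'unknown'.
// A version is 'patched' only if it sits on a listed release line at or above the fix.
function classify(pkg, version) {
  const fixes = PATCHED[pkg];
  if (!fixes) return 'not-tracked';
  const v = parseVersion(version);
  if (!v || v.prerelease) return 'unknown';
  for (const f of fixes.map(parseVersion)) {
    if (f.major === v.major && f.minor === v.minor) {
      return v.patch >= f.patch ? 'patched' : 'vulnerable';
    }
  }
  return 'unknown';
}

// Walk a lockfileVersion 2/3 package-lock.json ("packages" keyed by install path)
// and report every installed copy of react and next, including nested duplicates.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    if (!Object.prototype.hasOwnProperty.call(PATCHED, name) || !entry.version) continue;
    findings.push({ path, name, version: entry.version, status: classify(name, entry.version) });
  }
  return findings;
}

// Constructed sample lockfile: a patched next, an unpatched react, and a nested older copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app' },
    'node_modules/next': { version: '15.5.7' },
    'node_modules/react': { version: '19.1.1' },
    'node_modules/some-lib/node_modules/react': { version: '18.3.1' },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.status}\t${f.name}@${f.version}\t${f.path}`);
```

To run against a real project, replace SAMPLE_LOCK with `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))`.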

Supply Chain Risks

This issue underscores the hidden cost of software supply chain vulnerabilities. Modern applications depend on hundreds of third-party libraries and frameworks. A single compromised component can impact thousands of customers, akin to the infamous Log4Shell. OWASP’s 2025 Top 10 now lists Software Supply Chain Failures as a critical risk category, highlighting the need for continuous monitoring and secure dependency management.

Key Recommendations

  • Check if you are impacted, and patch immediately.
  • Always run an effective vulnerability management program that scans all your internal and external infrastructure and web assets; scans should run daily for your internet-facing assets.
  • Patch your applications and infrastructure in accordance with ASD Essential 8 recommendations.
  • Use a platform like Microsoft Defender for Cloud for SaaS Security Posture Management.
  • Check your SaaS providers and ensure they are running a similarly effective vulnerability and patch management program.
  • Ensure that your infrastructure and applications are monitored 24/7 using a modern SIEM/SOC solution.
  • Always run an effective third-party assurance program to monitor your critical suppliers and vendors.
