React2Shell and Other Vulnerabilities Notice
Blog post from Prismic
React2Shell (CVE-2025-66478) is a critical vulnerability affecting React and Next.js websites that support React Server Components. Affected websites need to be updated immediately, even if those components are not in use. Additionally, vulnerabilities such as Denial of Service (CVE-2025-55184 and CVE-2025-67779) and Source Code Exposure (CVE-2025-55183) also impact these platforms.

While Prismic’s services have been deemed secure, users are advised to update their React and Next.js websites by following official recommendations, especially if they cloned or downloaded Prismic’s Next.js starters or demos prior to December 11, 2025, when the repositories were patched. For further queries regarding React2Shell or other vulnerabilities, users can contact Prismic through their Support Portal.

The announcement originally focused on React2Shell but was updated to include the two additional vulnerabilities, with all related content adjusted accordingly.