[SECURITY] CVE-2025-66478: Critical RCE in Next.js - Immediate Patch Required #4
Description
Vulnerability Details
CVE ID: CVE-2025-66478
CVSS Score: 10.0 (Critical)
Type: Remote Code Execution (RCE)
Impact
Attackers can execute arbitrary code on servers running Next.js with App Router via malicious RSC protocol requests.
Required Action
Upgrade Next.js from 16.0.7 → 16.0.8
npm install [email protected]Priority
CRITICAL - No workaround available. Upgrade immediately.