A pre-authentication remote code execution vulnerability (CVE-2025-55182) has been disclosed in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: 

• React-server-dom-parcel
• React-server-dom-turbopack
• react-server-dom-webpack 

This vulnerability has been rated as a CVSS 10.0.

The vulnerability impacts all frameworks that support React Server Components, including Next.js and React Router.

Related Resource: See Okta’s Response to React2Shell

Immediate Action: Okta strongly advises that all developers who have built applications using Auth0 SDKs and sample libraries that require the vulnerable React libraries (see list below) should immediately update their applications to fixed versions of React (19.0.1, 19.1.2, and 19.2.1) and Next.js (fixed version list is available in the React blog post). 

Critical Notes:

• Auth0 SDKs and sample libraries (list below) have been updated to require a fixed React version; users will see an error message if they attempt to use the SDK with an affected version of React.
• The Okta SDKs (list below) are NOT affected as they do not depend on an affected version of React.
• You must update to a fixed React library version. Updating only the SDK or sample library will not remediate this vulnerability.

Okta SDKs (no action required):

• React Native Sample Applications for Okta - https://github.com/okta/samples-js-react-native
• Okta OAuth2 Client SDKs - https://github.com/okta/okta-client-javascript
• Odyssey - https://github.com/okta/odyssey

Auth0 Updated SDKs and Sample Libraries:

• Nextjs-auth0 - https://github.com/auth0/nextjs-auth0
• Auth0-react - https://github.com/auth0/auth0-react
• Auth0 Lab Hands on Lab: MDL - https://github.com/auth0/hol-mdl
• Auth0 AI for JavaScript - https://github.com/auth0/auth0-ai-js
• SaaStart from Auth0 by Okta - https://github.com/auth0-developer-hub/auth0-b2b-saas-starter
• Docs-v2 - https://github.com/auth0/docs-v2
• React-native-auth0 - https://github.com/auth0/react-native-auth0
• Assistant0: An AI Personal Assistant Secured with Auth0 - https://github.com/auth0-samples/auth0-assistant0
• Auth0 React Native Sample - https://github.com/auth0-samples/auth0-react-native-sample
• Auth0-acul-samples - https://github.com/auth0-samples/auth0-acul-samples
• Auth for Generative AI Applications - https://github.com/auth0-samples/auth0-ai-samples
• Agent0 - https://github.com/auth0-samples/agent0
• Auth0 Next.js Samples - https://github.com/auth0-samples/auth0-nextjs-samples
• Assistant0: An AI Personal Assistant Secured with Auth0 - https://github.com/auth0-samples/auth0-assistant0
• Auth0 Cross App Access Inspector  - https://github.com/auth0-samples/auth0-cross-app-access-inspector
• SmartHR Assistant - AI Agent with Fine-Grained Authorization - https://github.com/auth0-samples/auth0-ai-smart-hr-assistant
• Chat Agent Starter Kit with Auth0 Authentication - https://github.com/auth0-lab/cloudflare-agents-starter