Amazee incident

Public statement on CVE-2025-55182

Notice Resolved

Amazee experienced a notice incident on December 5, 2025, lasting 75d 5h. The incident has been resolved; the full update timeline is below.

Started: Dec 05, 2025, 01:08 AM UTC
Resolved: Feb 18, 2026, 06:59 AM UTC
Duration: 75d 5h
Detected by Pingoru: Dec 05, 2025, 01:08 AM UTC

Update timeline

  1. monitoring Dec 05, 2025, 01:08 AM UTC

    Summary

    We are aware of CVE-2025-55182, a critical vulnerability impacting certain versions of React Server Components and Next.js. Our priority is to protect customer workloads while upstream patches are applied.

    What we've done

    For customers using the Advanced WAF solution provided by amazee.io, we have enabled virtual patching in blocking mode to mitigate exploit attempts while application upgrades proceed. At this time, there is no mitigation available at the CDN layer.

    Customer action

    * If your applications use affected React packages or frameworks (for example, Next.js 15.x or 16.x App Router), upgrade to patched versions as soon as possible per vendor guidance.
    * Continue standard secure development practices and monitor your application logs for anomalies.
    * Virtual patches reduce risk, but code upgrades remain the definitive fix.

    Support

    If you have questions about exposure, upgrade paths, or rule coverage, contact our support team through your standard channel.

    Our Commitment

    Security is central to our mission. We continuously work to strengthen protections, reduce risk, and keep our customers informed.

    References

    * CVE-2025-55182 record: https://www.cve.org/CVERecord?id=CVE-2025-55182
    * React Server Components advisory: https://github.com/advisories/GHSA-fv66-9v8q-g76r
    * Next.js advisory: https://github.com/advisories/GHSA-9qr9-h5gf-34mp

  2. monitoring Dec 05, 2025, 07:23 AM UTC

    We are continuing to monitor for any further issues.

  3. monitoring Dec 15, 2025, 04:50 PM UTC

    Our review shows the affected React packages are present only in non-production amazee.io resources.

  4. resolved Feb 18, 2026, 06:59 AM UTC

    This incident has been resolved.