Sanity incident

Security vulnerability identified with React Server Components

Notice Resolved View vendor source →

Sanity experienced a notice incident on December 3, 2025, lasting 1d 2h. The incident has been resolved; the full update timeline is below.

Started
Dec 03, 2025, 07:37 PM UTC
Resolved
Dec 04, 2025, 10:12 PM UTC
Duration
1d 2h
Detected by Pingoru
Dec 03, 2025, 07:37 PM UTC

Update timeline

  1. investigating Dec 03, 2025, 07:37 PM UTC

    A security vulnerability (CVE-2025-55182) affecting React Server Components (RSC) and several related packages including Next.js was disclosed today by the React Team (https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components). Our Impact: Vercel has already rolled out platform-level protections and preventative measures. We are acting proactively and have started rolling out fixes across our platform and services as well. Required Action: Sanity studio deployments are not affected and require no action. If your Studio is deployed using Next.js, please follow the recommended steps outlined here: https://vercel.com/changelog/cve-2025-55182#resolution.

  2. monitoring Dec 03, 2025, 08:48 PM UTC

    Our team has applied the initial recommended updates from the React Team regarding the recent vulnerability. We are actively completing remaining internal package updates and closely monitoring any further guidance from React and Vercel. Required Action for Next Studio Deployments: Note: Sanity Studio deployments are not affected and require no action. If your Studio is deployed using Next.js, please follow the recommended steps outlined here: https://vercel.com/changelog/cve-2025-55182#resolution

  3. resolved Dec 04, 2025, 10:12 PM UTC

    We have completed dependency updates per guidance from Vercel and the React team. Sanity studio deployments are not affected and require no action. If your Studio is deployed using Next.js, please follow the recommended steps outlined here: https://vercel.com/changelog/cve-2025-55182#resolution.