{question}
Has SingleStore been affected by CVE-2025-55182 and/or CVE-2025-66478?
{question}
{answer}
CVE-2025-55182 and CVE-2025-66478 are Critical-severity vulnerabilities that allow pre-authentication remote code execution in React Server Components (RSC) protocol versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, and that affect downstream frameworks, namely Next.js (CVE-2025-66478). These vulnerabilities were publicly disclosed on December 3rd, 2025.
SingleStore upholds strict security standards, including comprehensive supply-chain vetting within our software development lifecycle. Following a thorough review, we confirmed that no affected components are present in any of our product software, be it SingleStore Helios or Self-managed. We did identify a residual number of projects showing the issue (related to tests and demos, and to our documentation website), which were quickly remediated, with no impact on any product software.
This bulletin is provided for informational purposes only.
No action is required from SingleStore customers.
{answer}