F5 – Security Advisory: React & Next.js CVEs (CVE-2025-55182, CVE-2025-66478)

F5 has released Web Application Firewall (WAF) signature updates to mitigate two newly disclosed critical vulnerabilities in React and Next.js:

  • CVE-2025-55182
  • CVE-2025-66478
  • Severity: CVSS 10.0 (Critical)

Key Points

  • Scope: Signatures are available across all F5 Application Delivery and Security Platform deployment methods:
    • BIG-IP
    • NGINX App Protect WAF
    • F5 Distributed Cloud WAF
  • Impact: F5 products themselves are not affected by these CVEs.
  • Action required: Customers should update WAF signatures immediately to ensure protection against exploitation attempts.

How to Update Signatures

  • BIG-IP Live Updates: F5 KB5072033 Live Updates Guide
  • NGINX WAF: F5 NGINX WAF Signature Update
  • Distributed Cloud: F5 Distributed Cloud WAF Update

Reference advisory: F5 Security Notice

Recommended Actions

  • Apply the latest WAF signature updates across all deployment environments.
  • Monitor logs for attempted exploitation of React/Next.js applications.
  • Coordinate with application teams to patch React and Next.js dependencies to secure versions.
  • Ensure layered defense: WAF signatures + runtime patching + dependency management.

Takeaway

These CVEs underscore the importance of securing modern web frameworks like React and Next.js. While F5 products are not directly vulnerable, updating WAF signatures is essential to block exploitation attempts in customer applications.
