This flaw affects web applications using React Server Components, particularly within the popular Next.js framework  -  a technology now powering tens of thousands of Vietnamese websites and platforms.

According to global monitoring data, Vietnam currently ranks among the top 10 countries reporting the highest volume of exploitation attempts related to this vulnerability.

The cybersecurity unit of CMC Telecom (Cyber Security Unit – CSU) has analyzed the flaw and warns that CVE-2025-55182 allows remote code execution (RCE) and full server takeover without any login or authentication.

This dramatically elevates the risk level  -  especially for businesses running e-commerce websites, public-facing service portals, or internal applications built on Next.js with exposed APIs.

During its scans and internet data analysis in Vietnam, CMC CSU observed:

A sharp rise in systems using Next.js over recent years.
Many of these systems remain on default configurations or have not yet applied critical patches.
A sudden surge in scanning activity immediately after the vulnerability was made public.

Self-developed applications  -  often without dedicated security teams  -  are the most vulnerable group, according to CMC Telecom experts.

“This is a dangerous vulnerability due to the sheer popularity of Next.js and the fact that attackers need no credentials to exploit it,” said a representative from CMC Telecom.

The company urges Vietnamese businesses to take immediate action, including:

Checking current versions of Next.js in use and applying available patches.
Using Web Application Firewalls (WAF) to detect exploitation attempts.
Implementing detection rules within SIEM or EDR systems.
Actively monitoring server logs for abnormal or suspicious requests.

For businesses with large systems, independent penetration testing or professional security assessments are also recommended to avoid missing hidden vulnerabilities.

Source: CMC Telecom Security Hub