Still showing CVE-2025-66478/CVE-2025-55182 on Vercel dashboard

techchintan · December 9, 2025, 10:28am

After the recent Critical Security Vulnerability, I have fixed it in my client’s project using React2Shell bulletin by vercel. The vercel dashboard is still showing the same Vulnerability.

As per the official doc, React2Shell bulletin by vercel, CVE-2025-66478 by nextjs and react.dev blog I have upgraded Next.js from 16.0.0 to 16.0.7

but, dashboard still showing Vulnerability(as shown below). Even npx fix-react2shell-next is returning No Vulnerability Found.

Not sure what I’m missing. Please help me fix this issue.

pawlean · December 9, 2025, 6:50pm

4 posts were merged into an existing topic: Security advisory for React2Shell

system · December 23, 2025, 6:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Security advisory for React2Shell Announcements nextjs , handbook , security	21	2015	January 16, 2026
Should I manually update React/React-DOM after running npx fix-react2shell-next? Help nextjs , react	2	92	December 12, 2025
vercel upgrade issue Help	4	17	January 13, 2026
Misleading warning about react2shell CVE (suggested wrong Next.js version to patch to) v0 nextjs	4	99	December 16, 2025
Security alert not dismissing after patched PR was merged and deployed v0 nextjs	1	23	January 12, 2026

Still showing CVE-2025-66478/CVE-2025-55182 on Vercel dashboard

Related topics