
How to Use SCC Graph Search to Find and Prioritize React Vulnerabilities

  • December 9, 2025

Venkat Nangineni
Staff

Hello Everyone,

The React vulnerability, CVE-2025-55182, has a CVSS score of 10 and is being actively exploited, so its impact on your workloads is critical. Customers need to know whether their organization is impacted by this CVE.

 

Google has created a pre-defined security graph rule for SCC Enterprise and Premium customers that generates an "Issue" if your GKE workloads or Compute instances are externally exposed and vulnerable. You can view these alerts in the "Issues" queue within your environment.

A sample representation of how this Issue appears in your SCC console is shown below, with the associated Findings for the vulnerability displayed within the Issue.



If you are an SCC Premium or Enterprise customer, you can use Graph Search to check whether your organization is impacted by this vulnerability. You can also use the reachability context in Graph Search to prioritize remediation among the workloads impacted by the CVE, focusing first on those that are externally reachable.

Please see the screenshot below for a reference query that uses Graph Search to find whether your organization is impacted by this CVE.

 


This vulnerability detection is powered by our Vulnerability Assessment for Google Cloud feature, which performs agentless scans to discover software and OS vulnerabilities. You can read more about SCC vulnerability scanning here: https://docs.cloud.google.com/security-command-center/docs/vulnerability-assessment-google-cloud

 

You can also refer to this video on how to use Graph Search in general to search for Findings and prioritize remediation with security context:


 Introducing Graph Search in Security Command Center


Remediation

The recommended solution is to apply the vendor patches immediately. Please refer to the official security advisories for React (CVE-2025-55182) for full details on affected versions and patched releases:

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

 

Temporary Workaround

If immediate patching is not possible, apply the following mitigations to reduce risk: