Outage in amazee.io
Public statement on CVE-2025-55182
Minor
December 05, 2025 - Started 29 days ago
Official incident page
Official incident page
Incident Report
Summary
We are aware of CVE-2025-55182, a critical vulnerability impacting certain versions of React Server Components and Next.js. Our priority is to protect customer workloads while upstream patches are applied.
What we've done
For customers using the Advanced WAF solution provided by amazee.io, we have enabled virtual patching in blocking mode to mitigate exploit attempts while application upgrades proceed. At this time, there is no mitigation available at the CDN layer.
Customer action
If your applications use affected React packages or frameworks (for example, Next.js 15.x or 16.x App Router), upgrade to patched versions as soon as possible per vendor guidance.
* Continue standard secure development practices and monitor your application logs for anomalies.
* Virtual patches reduce risk, but code upgrades remain the definitive fix.
Support
If you have questions about exposure, upgrade paths, or rule coverage, contact our support team through your standard channel.
Our Commitment
Security is central to our mission. We continuously work to strengthen protections, reduce risk, and keep our customers informed.
References
* CVE-2025-55182 record: https://www.cve.org/CVERecord?id=CVE-2025-55182
* React Server Components advisory: https://github.com/advisories/GHSA-fv66-9v8q-g76r
* Next.js advisory: https://github.com/advisories/GHSA-9qr9-h5gf-34mp
Need to monitor amazee.io outages?
One place to monitor all your cloud vendors.
Get instant alerts when an outage is detected.
Latest Updates ( sorted recent to last )
MONITORING
18 days ago - at 12/15/2025 04:50PM
Our review shows the affected React packages are present only in non-production amazee.io resources.
MONITORING
28 days ago - at 12/05/2025 07:23AM
We are continuing to monitor for any further issues.
MONITORING
29 days ago - at 12/05/2025 01:08AM
Summary
We are aware of CVE-2025-55182, a critical vulnerability impacting certain versions of React Server Components and Next.js. Our priority is to protect customer workloads while upstream patches are applied.
What we've done
For customers using the Advanced WAF solution provided by amazee.io, we have enabled virtual patching in blocking mode to mitigate exploit attempts while application upgrades proceed. At this time, there is no mitigation available at the CDN layer.
Customer action
If your applications use affected React packages or frameworks (for example, Next.js 15.x or 16.x App Router), upgrade to patched versions as soon as possible per vendor guidance.
* Continue standard secure development practices and monitor your application logs for anomalies.
* Virtual patches reduce risk, but code upgrades remain the definitive fix.
Support
If you have questions about exposure, upgrade paths, or rule coverage, contact our support team through your standard channel.
Our Commitment
Security is central to our mission. We continuously work to strengthen protections, reduce risk, and keep our customers informed.
References
* CVE-2025-55182 record: https://www.cve.org/CVERecord?id=CVE-2025-55182
* React Server Components advisory: https://github.com/advisories/GHSA-fv66-9v8q-g76r
* Next.js advisory: https://github.com/advisories/GHSA-9qr9-h5gf-34mp
Latest amazee.io outages
Logging partially unavailable - about 1 month ago
CH4: Workloads unable to start - about 2 months ago
Logging inaccessible - about 2 months ago
Postgresql CH4 upgrade to 14 - about 2 months ago
Connection interruption for CH4 database - 2 months ago
The Status Page Aggregator with Early Outage Detection
With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.
Start free trialNo credit card required · Cancel anytime · 5200 services available
Integrations with
