Dear Customers,
At Modyo, the security and integrity of the platform are our top priority. We are aware of the recent disclosure of critical Remote Code Execution (RCE) vulnerabilities affecting certain implementations within the React ecosystem, specifically the React Server Components (RSC).
This vulnerability, identified as CVE-2025-55182, has a critical severity rating (CVSS 10.0) and is due to an insecure deserialization issue within the "Flight" protocol used by RSC. This could potentially allow an unauthenticated attacker to execute arbitrary code on the server of affected applications.
Impact on Modyo
We want to assure all our customers that the Modyo platform is not affected by the CVE-2025-55182 vulnerability or other related issues that exploit the Server Components protocol.
- React Usage: Modyo utilizes the React library only as part of its frontend (the user interface that runs in the browser).
- Components Not Used: Our architecture does not implement React Server Components (RSC), nor does it use the "Flight" protocol on the server. The vulnerable code resides in the handling of this protocol on the server side, a component that Modyo does not employ.
In summary, since Modyo only uses React for client-side user interface rendering and not for processing the vulnerable Server Components, your operation within our platform remains secure and requires no immediate action from your teams.
We continue to actively monitor the threat landscape to ensure the maximum protection for your businesses.
If you have any questions or require further clarification, please contact our support team.
Sincerely,
José Antonio Silva
CTO, Modyo