Added virtual patch for CVE-2025-55184 (React DoS)
A Denial of Service vulnerability has been found in React and has been assigned CVE-2025-55184. Fastly has created a virtual patch and it is now enabled by default with immediate blocking for all Next-Gen WAF customers. To deactivate it and remove this protection from your services, follow the steps for your control panel below.
Next-Gen WAF control panel
- Professional or Premier platform
- Essentials platform
Log in to the Next-Gen WAF control panel.
From the Sites menu, select a site if you have more than one site.
- From the Rules menu, select Templated Rules.
- In the search bar, enter
CVE-2025-55184and then click View for the CVE-2025-55184 templated rule. - Click Configure and then deselect the “Enabled” box under the "Configure thresholds and actions” section.
- Click Update rule.
Fastly control panel
Log in to the Fastly control panel.
Go to Security > Next-Gen WAF > Workspaces.
- Click Virtual Patches.
- In the search bar, enter
CVE-2025-55184and then click the pencil to the right of the CVE-2025-55184 virtual patch. - From the Status menu, select Disabled.
- Click Update virtual patch.
