Symptom
A security advisory has been received for vulnerabilities in the React Server Components (RSC) used by the Next.js framework.
The vulnerabilities, tracked as CVE-2025-55182 and CVE-2025-66478 (duplicate), may allow unauthenticated remote code execution (RCE) via HTTP requests.
Questions were raised regarding:
- Whether applications deployed on SAP BTP, Cloud Foundry environment, are impacted.
- Whether SAP BTP provides platform‑level mitigation for these vulnerabilities.
- Whether any updates or patches are required at the platform or application level.
- Whether the AWS advisory applies to applications hosted on SAP BTP running on AWS infrastructure.
The affected applications were identified as Next.js‑based web applications deployed on SAP BTP (Cloud Foundry) on AWS.
Environment
SAP CAP – node.js runtime
Keywords
react server vulnerabilities, next.js framework, CVE-2025-55182, CVE-2025-66478, remote code execution, SAP BTP, Cloud Foundry, Next.js update, AWS managed services, application security, hyperscalers, SAP CAP, node.js runtime, KBA, BC-XS-CDX-NJS, SAP CAP – node.js runtime, BC-CP-CF, Cloud Foundry, How To
SAP Knowledge Base Article - Preview