RSC vulns in pages router
Answered
Indian Spitz posted this in #help-forum
Indian SpitzOP
Since we're not using RSC in the old pages router, do we still have to worry about these recent CVEs?
Answered by Australian Freshwater Crocodile
no,
"Next.js 13.x, Next.js 14.x stable, Pages Router applications, and the Edge Runtime are not affected."
https://nextjs.org/blog/CVE-2025-66478#:~:text=Next.js%2013.x%2C%20Next.js%2014.x%20stable%2C%20Pages%20Router%20applications%2C%20and%20the%20Edge%20Runtime%20are%20not%20affected.
"Next.js 13.x, Next.js 14.x stable, Pages Router applications, and the Edge Runtime are not affected."
https://nextjs.org/blog/CVE-2025-66478#:~:text=Next.js%2013.x%2C%20Next.js%2014.x%20stable%2C%20Pages%20Router%20applications%2C%20and%20the%20Edge%20Runtime%20are%20not%20affected.
1 Reply
@Indian Spitz Since we're not using RSC in the old pages router, do we still have to worry about these recent CVEs?
Australian Freshwater Crocodile
no,
"Next.js 13.x, Next.js 14.x stable, Pages Router applications, and the Edge Runtime are not affected."
https://nextjs.org/blog/CVE-2025-66478#:~:text=Next.js%2013.x%2C%20Next.js%2014.x%20stable%2C%20Pages%20Router%20applications%2C%20and%20the%20Edge%20Runtime%20are%20not%20affected.
"Next.js 13.x, Next.js 14.x stable, Pages Router applications, and the Edge Runtime are not affected."
https://nextjs.org/blog/CVE-2025-66478#:~:text=Next.js%2013.x%2C%20Next.js%2014.x%20stable%2C%20Pages%20Router%20applications%2C%20and%20the%20Edge%20Runtime%20are%20not%20affected.
Answer