Security Patch
On the 11th of December, two new vulnerabilities affecting React/Next.js applications were disclosed. In our case, they affected the newsrooms/themes and the website:
- CVE-2025-55184 (CVSS 7.5)
- CVE-2025-55183 (CVSS 5.3)
We were alerted on the 11th of December and upgraded our infrastructure as soon as possible. That included updating Next.js, React and React DOM to the latest secure versions, addressing known vulnerabilities and tightening our supply-chain protections. As of the 12th of December at 12:00 CET, all Prezly-hosted sites had been patched.
The themes and website are therefore no longer vulnerable to the identified issues. No action is required from users; everything is included in the update.
Later the same day (11th of December), a follow-up denial-of-service vulnerability was published:
- CVE-2025-67779 (CVSS 7.5)
As of the 15th of December at 17:00 CET, it has been patched in all applications.