When AI Got the Diagnosis Wrong: CVE-2025-66478
Date Published
Post Corrected
Originally published Feb 2, 2026
This post was originally titled "PayloadCMS Initial Migration Pains" and blamed our deployment issues on PayloadCMS configuration and schema problems. That diagnosis was produced by AI-assisted research and was completely wrong.
The real cause was CVE-2025-66478 โ a critical (CVSS 10.0) RCE in Next.js's React Server Components protocol. A second app with no PayloadCMS whatsoever hit the exact same issue a day later. That confirmed it.
When AI Got the Diagnosis Wrong
We had deployment issues. We used AI to help diagnose them. It produced a confident, detailed, technically-plausible root cause analysis blaming PayloadCMS. We published it without independently verifying any of it. It was completely wrong.
This post is the correction โ and a case study in why AI-generated incident analysis needs to be treated as a hypothesis, not a conclusion.
โ ๏ธ The January 3rd Incident
Our earlier post โ When AI-Generated Deployment Breaks Everything โ described a Monero miner found on production on January 3rd, 2026. That post also blamed PayloadCMS (empty database, auth bypass). Given that CVE-2025-66478 was live from December 4th and that diagnosis followed the same AI-assisted process, it is very likely affected by the same error. We have not yet re-investigated that post.
What the AI Told Us
The original diagnosis concluded:
โ AI Diagnosis โ All Incorrect
- PayloadCMS was deployed without running database migrations
- An empty database left the auth system in a permanent bypass state
- The
canAccessAdminutility allowed access when no users existed - Schema mapping failures caused cascading deployment issues
- Custom field types without direct equivalents broke the migration
Every point was stated with confidence. The analysis included a plausible timeline, code-level specifics, and actionable recommendations. It read like a thorough post-mortem. None of it was verified against what actually happened.
What Actually Happened
A day after our issues, a second application โ one that had never used PayloadCMS โ experienced the same class of failure. That single fact invalidated the entire original diagnosis.
The actual cause was CVE-2025-66478.
๐จ CVE-2025-66478
CVSS 10.0 ยท Critical ยท No workaround
The React Server Components (RSC) protocol in Next.js allowed untrusted inputs to influence server-side execution paths. Attackers could craft requests that triggered arbitrary code execution on unpatched App Router applications.
- Upstream CVE: CVE-2025-55182 (React)
- GitHub Advisory: GHSA-9qr9-h5gf-34mp
- Scope: App Router only. Pages Router and Edge Runtime are not affected.
- Workaround: None. Upgrading is mandatory.
Timeline
๐ CVE-2025-66478 Timeline
Next.js publishes the security advisory. Patched versions available immediately.
Critical exposure window opens at 1:00 PM PT. Any unpatched App Router app is live-exploitable from this point.
Automated fix tool fix-react2shell-next released by Vercel.
Next.js team recommends rotating all secrets on any app that was online and unpatched after Dec 4.
Affected Versions
โ ๏ธ Vulnerable
- Next.js 15.x โ all minor versions
- Next.js 16.x โ all minor versions
- Next.js 14.3.0-canary.77 and later canary releases
โ Not Affected
- Next.js 13.x
- Next.js 14.x stable releases
- Pages Router applications
- Edge Runtime
The Fix
# Patch to the latest fixed version for your minor:
npm install next@15.0.5 # 15.0.x
npm install next@15.1.9 # 15.1.x
npm install next@15.2.6 # 15.2.x
npm install next@15.3.6 # 15.3.x
npm install next@15.4.8 # 15.4.x
npm install next@15.5.7 # 15.5.x
npm install next@16.0.7 # 16.0.x
# Or use the automated tool:
npx fix-react2shell-next
โ ๏ธ Rotate Your Secrets
After patching and redeploying, rotate all application secrets immediately. If your app was online and unpatched after December 4th at 1:00 PM PT, assume all secrets are compromised. Prioritize database credentials and API keys first.
Lessons Learned
โ What We Took Away
AI-Assisted Diagnosis
- Fluent, detailed output is not evidence of correctness
- AI will construct a plausible narrative from incomplete context โ treat it as a hypothesis
- Always verify AI findings against observable facts before publishing
- A second incident is the fastest way to disprove a single-app theory
Security Hygiene
- Subscribe to upstream advisories โ Next.js, React, and your runtime
- When deployment issues appear unexpectedly, check CVE databases first
- Automated fix tools exist for a reason โ use them
- Rotate all secrets after any confirmed RCE, even if the exact vector is still unclear