---
title: Added virtual patch for CVE-2025-55184 (React DoS, also covers CVE-2025-67779)
summary: null
url: >-
  https://www.fastly.com/documentation/reference/changes/2025/12/added-virtual-patch-for-cve-2025-55184
---

A Denial of Service vulnerability has been found in React and has been assigned CVE-2025-55184. The fix addressing this CVE was incomplete, and a subsequent one was assigned CVE-2025-67779. Fastly has created a virtual patch that covers both CVEs and it is now enabled by default with immediate blocking for all Next-Gen WAF customers. To deactivate it and remove this protection from your services, follow the steps for your control panel below.

## Next-Gen WAF control panel

### Professional or Premier platform

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Templated Rules**.
4. In the search bar, enter `CVE-2025-55184` and then click **View** for the CVE-2025-55184 templated rule.
5. Click **Configure** and then deselect the “Enabled” box under the "Configure thresholds and actions” section.
6. Click **Update rule**.

### Essential platform

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. Click the **Signals** tab.
4. In the search bar, enter `CVE-2025-55184` and then click **View** for the CVE-2025-55184 tag.
5. Click the **Detections** tab and then click the Enabled detection for `CVE-2025-55184`.
6. Click **Remove detection**
7. Click **Delete detection**.
8. Click the **Alerts** tab and then click the Enabled detection for `CVE-2025-55184`.
9. Click **Remove alert**
10. Click **Delete**.

## Fastly control panel

1.   Log in to the [Fastly control panel](https://manage.fastly.com).

2.   Go to **Security** > **Next-Gen WAF** > [**Workspaces**](https://manage.fastly.com/security/ngwaf/workspaces).

3. Click **Virtual Patches**.
4. In the search bar, enter `CVE-2025-55184` and then click the pencil to the right of the CVE-2025-55184 virtual patch.
5. From the **Status** menu, select **Disabled**.
6. Click **Update virtual patch**.