Read on for Okta’s response to React2Shell (CVE-2025-55182) and to learn more about actions required by developers.
On March 21, 2025, Vercel disclosed a critical security vulnerability (CVE-2025-29927) which makes it possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. Note: The Okta service is not affected by this vulnerability.
Okta has identified an increase in phishing social engineering attempts. This report provides guidance on what you can expect when getting technical assistance from Okta Support, or contact from Okta.
