Critical Security Update: Protecting Tower Users
We’re writing to inform you about an important security update we’ve just released for Tower.
What Happened?
Last week, the React and Next.js teams disclosed critical security vulnerabilities affecting applications built with these frameworks:
🔴 CVE-2025-55184 & CVE-2025-67779 (High Severity - CVSS 7.5/10)
Denial of Service vulnerabilities in the React Server Components runtime (react-server-dom packages). These flaws allow malicious actors to send specially crafted HTTP requests to Server Function endpoints that cause an infinite loop, hanging the server process and consuming CPU resources.
Important: The initial fix for CVE-2025-55184 was incomplete and did not fully prevent DoS attacks across all payload types. CVE-2025-67779 was assigned to the follow-up vulnerability, and the patch for it completes the fix by covering the remaining DoS case.
🟡 CVE-2025-55183 (Medium Severity - CVSS 5.3/10)
A vulnerability that can cause Server Functions to return compiled source code, potentially revealing business logic and hard-coded secrets.
These vulnerabilities affect:
Next.js applications using App Router:
- Versions 14.2.0 through 14.2.12 (fixed in 14.2.13+)
- Versions 15.0.0 through 15.1.3 (fixed in 15.1.4+)
- Canary versions prior to specific patches
React 19 RSC packages:
- Versions 19.0.0 through 19.2.2 are affected
- Fixed versions: 19.0.3, 19.1.4, and 19.2.3 (and later)
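The React 19 ranges above can be checked mechanically against a project's lockfile. The following is an added example, not code from Tower, React or Next.js: it walks the `packages` map of a parsed npm `package-lock.json` and classifies every `react-server-dom-*` entry, including nested copies. The sample lockfile and its package names are constructed, and the prefix match and the decision to send prerelease builds to manual review are assumptions of this example.

```javascript
// First fixed patch per React 19 minor line, as listed on this page:
// 19.0.3, 19.1.4, 19.2.3. Anything lower on the same line is affected.
const FIRST_FIXED_PATCH = { "19.0": 3, "19.1": 4, "19.2": 3 };

// Classify one semver string against the ranges above.
function classify(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)([-+].*)?$/.exec(String(version));
  if (!m) return "unknown";
  const line = `${m[1]}.${m[2]}`;
  if (!(line in FIRST_FIXED_PATCH)) return "not-listed";
  // Assumption: canary/prerelease builds cannot be judged by number alone.
  if (m[4]) return "review";
  return Number(m[3]) < FIRST_FIXED_PATCH[line] ? "affected" : "fixed";
}

// Walk the "packages" map of an npm lockfile (v2/v3), including copies nested
// under other dependencies, and report every react-server-dom-* package.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!name.startsWith("react-server-dom-")) continue;
    const status = classify(meta.version);
    findings.push({ path, name, version: meta.version, status });
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    // Below the listed fixed patch for the 19.1 line: still affected.
    "node_modules/react-server-dom-webpack": { version: "19.1.3" },
    // Nested copy pulled in by another dependency, already on a fixed release.
    "node_modules/some-lib/node_modules/react-server-dom-turbopack": { version: "19.2.3" },
    // Prerelease build: flagged for manual review.
    "node_modules/react-server-dom-parcel": { version: "19.0.3-canary.1" },
    // Not an RSC runtime package: ignored by the audit.
    "node_modules/react": { version: "19.1.3" },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

Nested copies matter here: a top-level dependency can be on a fixed release while an older copy bundled under another package is still loaded at runtime.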
Our Response
Security is our top priority. As soon as these vulnerabilities were disclosed, our engineering team immediately took action and applied the necessary patches.
Tested Thoroughly
We validated that all functionality works correctly with the security patches across both iOS and Android platforms.
Deployed Updates
We deployed Tower v1.8.3 immediately after the initial disclosure. When the incomplete fix was discovered, we rapidly deployed Tower v1.8.4 with the complete patches, now available on both the Apple App Store and Google Play Store.
What This Means for You
The Good News
- No user data was compromised
- No evidence of exploitation in Tower
- Patches deployed immediately after disclosure
Action Required
Update to Tower v1.8.4 now to ensure you have complete protection.
How to Update:
📱 iOS Users:
- Open the App Store
- Go to Updates
- Install Tower version 1.8.4
🤖 Android Users:
- Open the Play Store
- Go to My apps & games
- Update Tower to version 1.8.4
Our Commitment to Security
This incident reinforces our unwavering commitment to:
🛡️ Proactive Security
Monitoring security advisories and responding immediately to threats across all our products.
⚡ Rapid Response
Deploying critical patches within hours of disclosure, minimizing any potential exposure.
📢 Transparency
Keeping you informed about security matters that affect your experience and data protection.
🔄 Continuous Improvement
Staying current with framework updates and implementing industry-leading security best practices.
Tower Continues to Evolve
While we prioritized this critical security update, Tower continues to deliver:
🎯 Powerful AI-driven insights for your business data
📊 Real-time analytics that drive better decisions
🔒 Enterprise-grade security with constant monitoring
📱 Seamless mobile experience across iOS and Android
Technical Details
For those interested in the technical specifics:
🔗 Official Security Advisories
- React Security Advisory: Denial of Service and Source Code Exposure in React Server Components
- Next.js Security Advisory: Next.js Security Updates
Tower v1.8.3 & v1.8.4 Release Notes
v1.8.3 Release Dates:
- December 12, 2025 on Web and Android
- December 13, 2025 on iOS
v1.8.4 Release Dates:
- December 13, 2025 on Web
- December 16, 2025 on Android
- Expected rollout to iOS users on December 17, 2025
Security Updates:
- v1.8.3: Initial patches for CVE-2025-55184 and CVE-2025-55183
- v1.8.4: Complete fix for CVE-2025-67779 (addresses incomplete v1.8.3 patch)
- All dependencies scanned and updated where necessary
Impact: Zero data loss, no feature disruption
Questions or Concerns?
Our security and support teams are here to help if you have any questions about:
- This security update
- Tower’s security practices
- Your data protection measures
- Enterprise security requirements
About Tower
Tower is Codygon’s mobile-first agentic AI dashboard platform that brings the power of Tower to your mobile devices. With AI that learns, thinks, and acts on your data, Tower delivers real-time insights wherever you are.
Learn more about Tower: Explore Tower features
Thank you for your continued trust in Tower. Your security is our priority, and we remain committed to protecting your data while delivering innovative AI-powered analytics.
Last updated: December 17, 2025