Vulnerability Description
React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it is possible to modify pre-rendered data by adding a header to the request. This makes it possible to completely spoof the contents of that data and modify all the values of the data object passed to the HTML. This issue has been patched in version 7.5.2.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/remix-run/react-router/blob/e6c53a0130559b4a9bd47f9cf76ea5b08
- https://github.com/remix-run/react-router/commit/c84302972a152d851cf5dd859ff332b
- https://github.com/remix-run/react-router/security/advisories/GHSA-cpj6-fhp6-mr6
FAQ
What is CVE-2025-43865?
CVE-2025-43865 is a vulnerability with a CVSS score of 8.2 (HIGH). React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof i...
How severe is CVE-2025-43865?
CVE-2025-43865 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-43865?
The issue has been patched in React Router version 7.5.2. Check the references section above for the vendor advisory and patch information, and review vendor security bulletins for remediation guidance.