Description

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.

INFO

Published Date :

2025-04-25T00:18:16.058Z

Last Modified :

2025-04-25T15:18:38.495Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-43864 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-43864.

URL Resource
https://github.com/remix-run/react-router/blob/e6c53a0130559b4a9bd47f9cf76ea5b08a69868a/packages/react-router/lib/server-runtime/server.ts#L407 cve-icon cve-icon cve-icon
https://github.com/remix-run/react-router/commit/c84302972a152d851cf5dd859ff332b354b70111 cve-icon cve-icon cve-icon
https://github.com/remix-run/react-router/security/advisories/GHSA-f46r-rw29-r322 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-43864 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-43864 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact