Description

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has been patched in version 7.5.2.

INFO

Published Date :

2025-04-25T00:18:53.222Z

Last Modified :

2025-04-25T15:16:00.202Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-43865 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-43865.

URL Resource
https://github.com/remix-run/react-router/blob/e6c53a0130559b4a9bd47f9cf76ea5b08a69868a/packages/react-router/lib/server-runtime/routes.ts#L87 cve-icon cve-icon cve-icon
https://github.com/remix-run/react-router/commit/c84302972a152d851cf5dd859ff332b354b70111 cve-icon cve-icon cve-icon
https://github.com/remix-run/react-router/security/advisories/GHSA-cpj6-fhp6-mr6j cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-43865 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-43865 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact