AI description
CVE-2025-43864 affects React Router, a routing library for React applications. Specifically, versions 7.2.0 up to 7.5.1 are vulnerable. It is possible to force an application to switch to SPA (Single Page Application) mode by adding a specific header (`X-React-Router-SPA-Mode`) to the request. If an application using server-side rendering (SSR) is forced into SPA mode, it can cause an error that corrupts the page. Furthermore, if a caching system is in place, this error response can be cached, leading to a cache poisoning issue that impacts the application's availability. The vulnerability is fixed in version 7.5.2 of React Router.
- Description: React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- security-advisories@github.com
- CWE-755
React Router vulnerabilities CVE-2025-43864/43865 fixed: poisoning and spoofing https://t.co/e4W3vXTUiN Two serious vulnerabilities have been found in React Router. Teams using it should update promptly. Note that,
@iototsecnews
12 May 2025
92 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 React Router has patched two high-severity vulnerabilities (CVE-2025-43864 & CVE-2025-43865) that could allow content spoofing and service disruption. Upgrade to 7.5.2 to stay secure! 🇺🇸 #ReactRouter #AppSecurity link: https://t.co/8jMF0Tm2UO https://t.co/iURgCEzH
@TweetThreatNews
28 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert for #ReactRouter & #RemixJS users! Two high-severity cache poisoning bugs (CVE-2025-43864 & CVE-2025-43865) can cause DoS & stored XSS. 🔄 Upgrade to v7.5.2+ 🧹 Purge all caches ⚙️ Review caching settings Stay safe! 🔒 #WebSecurity #D
@KasunLuckshitha
28 Apr 2025
136 Impressions
2 Retweets
7 Likes
1 Bookmark
1 Reply
0 Quotes
🚨Alert🚨 two new vulnerabilities in React Router CVE-2025-43864: DoS via cache poisoning by forcing SPA mode CVE-2025-43865: Pre-render data spoofing on React-Router framework mode 🔥PoC from @zhero___ & @inzo____ : CVE-2025-43864:https://t.co/hfhSnQ6p8F https://t.co/
@HunterMapping
28 Apr 2025
2861 Impressions
11 Retweets
44 Likes
20 Bookmarks
0 Replies
0 Quotes
React Router Vulnerabilities CVE-2025-43864 and CVE-2025-43865 Expose Web Applications to Attack https://t.co/nPQfc8BuPJ
@the_yellow_fall
28 Apr 2025
373 Impressions
3 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
The React Router team has issued an advisory on two vulnerabilities (CVE-2025-43864 and CVE-2025-43865) affecting applications running in framework mode. React Router is downloaded about 14 million times per week and
@yousukezan
28 Apr 2025
951 Impressions
4 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes
We've rolled out a mitigation to protect all Cloudflare customers from the recent vulnerabilities in Remix and React Router (CVE-2025-43864 and CVE-2025-43865).
@CloudflareDev
27 Apr 2025
48083 Impressions
29 Retweets
561 Likes
58 Bookmarks
9 Replies
8 Quotes
Threat Alert: Critical React Router Flaws Affects Framework Mode Applications CVE-2025-43864 CVE-2025-43865 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/ab48UY6eal #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
27 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Vercel customers are protected from two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) in Remix and React Router. Read our advisory to understand impact and next steps. https://t.co/jmPW2qHxWA
@vercel_changes
26 Apr 2025
107221 Impressions
6 Retweets
54 Likes
15 Bookmarks
0 Replies
3 Quotes
🚨 CVE-2025-43864 🔴 HIGH (7.5) 🏢 remix-run - react-router 🏗️ >= 7.2.0, < 7.5.2 🔗 https://t.co/cUyhKOe65X 🔗 https://t.co/7QnIjVRwSH 🔗 https://t.co/rB1xUD1ck8 #CyberCron #VulnAlert #InfoSec https://t.co/uTf9qE9Mow
@cybercronai
25 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-43864 React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a hea… https://t.co/fo5VJpIVQU
@CVEnew
25 Apr 2025
303 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
another research effort with @inzo____ led to the discovery of two new vulnerabilities in React Router (14M+ downloads/week), resulting in: - CVE-2025-43865 (High-8.2) - CVE-2025-43864 (High-7.5) https://t.co/ooTe702fat
@zhero___
24 Apr 2025
21739 Impressions
46 Retweets
407 Likes
160 Bookmarks
19 Replies
3 Quotes