CVE-2025-43865

Published Apr 25, 2025

Last updated a day ago

CVSS high 8.2
React Router

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-43865 is a vulnerability affecting React Router, a routing library for React applications. Specifically, versions on the 7.0 branch prior to 7.5.2 are susceptible. The vulnerability stems from the possibility of modifying pre-rendered data by adding a header to the request. By exploiting this vulnerability, an attacker can completely spoof the contents and modify all the values of the data object passed to the HTML. This is achieved by manipulating the `X-React-Router-Prerender-Data` header. The issue has been addressed and patched in version 7.5.2 of React Router.

Description
React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows an attacker to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has been patched in version 7.5.2.
Source: security-advisories@github.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.2
Impact score: 4.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Severity: HIGH

Weaknesses

security-advisories@github.com
CWE-345

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 36