ByteOS Network

CVE Vulnerability Details :

CVE-2025-43864

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-25 Apr, 2025 | 00:18

Updated At-25 Apr, 2025 | 15:18

▼CVE Numbering Authority (CNA)

React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.

Affected Products

Vendor

remix-run

Product

react-router

Versions

Affected

>= 7.2.0, < 7.5.2

Problem Types

Type	CWE ID	Description
CWE	CWE-755	CWE-755: Improper Handling of Exceptional Conditions

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Hyperlink	Resource
https://github.com/remix-run/react-router/security/advisories/GHSA-f46r-rw29-r322	x_refsource_CONFIRM
https://github.com/remix-run/react-router/commit/c84302972a152d851cf5dd859ff332b354b70111	x_refsource_MISC
https://github.com/remix-run/react-router/blob/e6c53a0130559b4a9bd47f9cf76ea5b08a69868a/packages/react-router/lib/server-runtime/server.ts#L407	x_refsource_MISC

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References