CVE-2025-43864 – React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, …

Vuln ID: CVE-2025-43864

Published: 2025-04-25 01:15:43.117

Description: React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.

Base Score: 7.5 – HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Source: NVD.NIST.GOV

Date:

25 April 2025

Categorie(s):

NVD

Tag(s):

NVD

How to Develop a Strong Security Culture – Advice for CISOs and CSOs26 April 2025
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed26 April 2025
US wants to nix the EU AI Act’s code of practice, leaving enterprises to develop their own risk standards26 April 2025
Beating the AI Game, Ripple, Numerology, Darcula, Special Guests from Hidden Layer… – Malcolm Harkins, Kasimir Schulz – SWN #47125 April 2025
Amid CVE funding fumble, ‘we were mushrooms, kept in the dark,’ says board member25 April 2025