Summary: The React Router library has patched two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed for content spoofing and cache-poisoning attacks. Developers are urged to upgrade to version 7.5.2 immediately to address these security issues. Failure to update could leave applications exposed to serious risks, including data manipulation and denial of service (DoS) attacks.
Affected: React Router library
Keypoints:
- Two critical vulnerabilities allow attackers to spoof content and disrupt service.
- CVE-2025-43864 enables DoS via cache poisoning in single-page application mode.
- CVE-2025-43865 allows manipulation of pre-rendered data leading to potential phishing and XSS attacks.
- Immediate updates to version 7.5.2 are necessary to mitigate risks.
- Organizations should also audit server-side loaders and monitor headers for any suspicious activity.
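As an added example of the header monitoring recommended above (not code from the article or from the React Router project), the following Node/Express-style check flags and strips the two internal React Router request headers the advisories concern. The header names `X-React-Router-SPA-Mode` and `X-React-Router-Prerender-Data` come from the upstream advisories rather than this page, and the sample requests are constructed.

```javascript
// Header names taken from the upstream React Router advisories (assumption:
// confirm them against your installed version); values are lower-cased
// because Node normalises incoming header names that way.
const SUSPICIOUS_HEADERS = {
  "x-react-router-spa-mode": "CVE-2025-43864 (forced SPA mode / cache poisoning)",
  "x-react-router-prerender-data": "CVE-2025-43865 (pre-render data spoofing)",
};

// Return one finding per suspicious header present on a request.
function inspectHeaders(headers) {
  const findings = [];
  for (const [name, value] of Object.entries(headers || {})) {
    const key = name.toLowerCase();
    if (key in SUSPICIOUS_HEADERS) {
      findings.push({ header: key, reason: SUSPICIOUS_HEADERS[key], value: String(value) });
    }
  }
  return findings;
}

// Express-style middleware for an external edge: a browser has no legitimate
// reason to send these headers, so log the attempt and drop them before the
// request reaches the framework (defence in depth alongside upgrading to 7.5.2).
function stripReactRouterHeaders(req, res, next) {
  for (const f of inspectHeaders(req.headers)) {
    console.warn(`dropping ${f.header} from ${req.ip || "unknown"}: ${f.reason}`);
    delete req.headers[f.header];
  }
  next();
}

// Constructed sample traffic: one request carrying the SPA-mode header, one clean.
const SAMPLE_REQUESTS = [
  { ip: "203.0.113.5", headers: { host: "app.example", "X-React-Router-SPA-Mode": "yes" } },
  { ip: "198.51.100.7", headers: { host: "app.example", accept: "text/html" } },
];

// Batch scan, e.g. over parsed access-log entries that retain request headers.
function scan(requests) {
  return requests.map((r) => ({ ip: r.ip, findings: inspectHeaders(r.headers) }));
}
```

Wire `stripReactRouterHeaders` in with `app.use(...)` ahead of the React Router handler; `scan` is the same check applied offline to captured requests.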
Source: https://gbhackers.com/react-router-vulnerabilities/