CVE-2025-31137

Published 01/04/2025 19:15 · Modified 01/04/2025 20:26

Labels: CVE-2025-31137, 2025-04-01, CWE-444

Essential information

Published: 01/04/2025 19:15
Modified: 01/04/2025 20:26
CVSS: 7.5 HIGH (v3.0)
CISA KEV: No
CWE: CWE-444
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. A vulnerability in Remix/React Router affects all Remix 2 and React Router 7 consumers using the Express adapter. It allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. The issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.
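The port-section issue described above, as an added example that is not code from Remix, React Router or this advisory: a URL builder that trusts whatever follows the colon in the Host value, beside one that validates it first. The function names (`splitHost`, `naiveRequestUrl`, `safeRequestUrl`) and the sample host `app.example` are assumptions made for illustration.

```javascript
// Added example: names and sample values are hypothetical, not project code.

// Split a Host / X-Forwarded-Host value into hostname and raw port text,
// skipping the colons inside a bracketed IPv6 literal such as "[::1]:3000".
function splitHost(hostHeader) {
  const from = hostHeader.startsWith("[") ? hostHeader.indexOf("]") + 1 : 0;
  const colon = hostHeader.indexOf(":", from);
  if (colon === -1) return { hostname: hostHeader, rawPort: "" };
  return {
    hostname: hostHeader.slice(0, colon),
    rawPort: hostHeader.slice(colon + 1),
  };
}

// Weak pattern: whatever follows the colon is trusted as a port, so path
// text placed there becomes part of the URL the router matches against.
function naiveRequestUrl(protocol, hostHeader, originalUrl) {
  const { hostname, rawPort } = splitHost(hostHeader);
  const host = rawPort ? `${hostname}:${rawPort}` : hostname;
  return new URL(`${protocol}://${host}${originalUrl}`);
}

// Hardened pattern: reject URL delimiters in the hostname and accept only a
// decimal port in 1..65535 before building the URL.
function safeRequestUrl(protocol, hostHeader, originalUrl) {
  const { hostname, rawPort } = splitHost(hostHeader);
  if (hostname === "" || /[\s\/\\?#@]/.test(hostname)) {
    throw new TypeError("invalid hostname in Host header");
  }
  let host = hostname;
  if (rawPort !== "") {
    const port = /^\d{1,5}$/.test(rawPort) ? Number(rawPort) : NaN;
    if (!(port >= 1 && port <= 65535)) {
      throw new TypeError("invalid port in Host header");
    }
    host = `${hostname}:${port}`;
  }
  return new URL(`${protocol}://${host}${originalUrl}`);
}

// Constructed sample: the request line asks for /public.
const spoofedHost = "app.example:/internal";
console.log(naiveRequestUrl("http", spoofedHost, "/public").pathname);
try {
  safeRequestUrl("http", spoofedHost, "/public");
} catch (err) {
  console.log(err.message);
}
```

Upgrading to the patched releases named above remains the fix; a check of this kind is useful in custom adapters or proxies that rebuild request URLs from forwarded headers.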

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.

Affected products (CPE)

Product                       CPE
remix / remix                 cpe:2.3:a:remix:remix:*:*:*:*:*:*:*:*
react router / react router   cpe:2.3:a:react_router:react_router:*:*:*:*:*:*:*:*

References