{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T11:29:25.177","vulnerabilities":[{"cve":{"id":"CVE-2025-31137","sourceIdentifier":"security-advisories@github.com","published":"2025-04-01T19:15:45.663","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1."},{"lang":"es","value":"React Router es un enrutador multiestrategia para React que conecta React 18 con React 19. Existe una vulnerabilidad en Remix/React Router que afecta a todos los consumidores de Remix 2 y React Router 7 que usan el adaptador Express. Esta vulnerabilidad permite falsificar la URL utilizada en una solicitud entrante al incluir una ruta de URL en la sección de puerto de una URL que forma parte de un encabezado Host o X-Forwarded-Host enviado a un controlador de solicitudes de Remix/React Router. Este problema se ha corregido y publicado en Remix 2.16.3 y React Router 7.4.1."}],"metrics":{"cvssMetricV30":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477","source":"security-advisories@github.com"}]}}]}