{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T18:14:10.140","vulnerabilities":[{"cve":{"id":"CVE-2025-43864","sourceIdentifier":"security-advisories@github.com","published":"2025-04-25T01:15:43.117","lastModified":"2026-06-17T09:24:40.123","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2."},{"lang":"es","value":"React Router es un enrutador para React. A partir de la versión 7.2.0 y anteriores a la 7.5.2, es posible forzar el cambio a modo SPA en una aplicación añadiendo un encabezado a la solicitud. Si la aplicación usa SSR y se ve obligada a cambiar a modo SPA, se produce un error que corrompe completamente la página. Si existe un sistema de caché, la respuesta con el error se almacena en caché, lo que provoca un envenenamiento de caché que afecta gravemente la disponibilidad de la aplicación. Este problema se ha corregido en la versión 7.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"remix-run","product":"react-router","versions":[{"version":">= 7.2.0, < 7.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-25T15:17:49.573437Z","id":"CVE-2025-43864","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-755"}]}],"references":[{"url":"https://github.com/remix-run/react-router/blob/e6c53a0130559b4a9bd47f9cf76ea5b08a69868a/packages/react-router/lib/server-runtime/server.ts#L407","source":"security-advisories@github.com"},{"url":"https://github.com/remix-run/react-router/commit/c84302972a152d851cf5dd859ff332b354b70111","source":"security-advisories@github.com"},{"url":"https://github.com/remix-run/react-router/security/advisories/GHSA-f46r-rw29-r322","source":"security-advisories@github.com"}]}}]}