Insufficient Verification of Data Authenticity

CVE-2025-43865

High

8.2/10

Summary

The package react-router is a routing library for React applications. In versions 7.0.x prior to 7.5.2, it was possible to modify pre-rendered data by adding a specific header to the request. This allowed for the complete spoofing of its contents and modification of all values in the data object passed to the HTML.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Apr 25, 2025

Insufficient Verification of Data Authenticity

CVE-2025-43865

Summary

CWE-345 - Insufficient Verification of Data Authenticity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS