Improper Handling of Exceptional Conditions

CVE-2025-43864

High

7.5/10

Summary

The package react-router is a routing library for React applications. In versions 7.2.x prior to 7.5.2, forcing an application into SPA mode was possible by adding a specific header to the request. If the application utilizes SSR and is coerced into SPA mode, this could lead to an error that completely disrupts the page. Furthermore, if a caching system is in place, this error response could be cached, resulting in cache poisoning that significantly impacts the application's availability.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Apr 25, 2025

Improper Handling of Exceptional Conditions

CVE-2025-43864

Summary

CWE-755 - Improper Handling of Exceptional Conditions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS