PT-2026-1914 · Unknown · React Router
Published: 2026-01-08 · Updated: 2026-01-10
CVE-2025-68470
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
React Router versions 6.0.0 through 6.30.1
React Router versions 7.0.0 through 7.9.5
Description
A crafted path supplied by an attacker can cause a React Router application to navigate or redirect to an external URL when using navigate(), <Link>, or redirect(). This occurs when untrusted content is used in navigation paths within the application code.
Recommendations
Update to React Router version 6.30.2 or later.
Update to React Router version 7.9.6 or later.
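Because the description ties the issue to untrusted content reaching navigate(), <Link>, or redirect(), application code can also validate such values before passing them on. The following is an added example, not code from React Router or from this advisory: safeInternalPath and the placeholder origin are hypothetical names, and the checks are general open-redirect hardening rather than a reproduction of the specific crafted path, which the advisory does not give.

```javascript
// Added example: allow-list check for navigation targets built from untrusted input.
// safeInternalPath and PLACEHOLDER_ORIGIN are hypothetical, not React Router APIs.
const PLACEHOLDER_ORIGIN = "https://app.invalid"; // constructed base, never contacted

function safeInternalPath(untrusted, fallback = "/") {
  if (typeof untrusted !== "string") return fallback;

  // Accept only paths rooted at a single "/" (no scheme, no "//host" form).
  if (!untrusted.startsWith("/") || untrusted.startsWith("//")) return fallback;

  // Reject backslashes and control characters, which URL parsers may
  // normalise or strip and thereby change what the path resolves to.
  if (/[\\\u0000-\u001f\u007f]/.test(untrusted)) return fallback;

  let url;
  try {
    // Resolve against a fixed base the same way a browser would.
    url = new URL(untrusted, PLACEHOLDER_ORIGIN);
  } catch {
    return fallback;
  }

  // If resolution left the placeholder origin, the value is not internal.
  if (url.origin !== PLACEHOLDER_ORIGIN) return fallback;

  // Return the normalised path, query and fragment only.
  return url.pathname + url.search + url.hash;
}

// Typical call sites (assumed application code, "next" is a hypothetical parameter):
//   navigate(safeInternalPath(searchParams.get("next")));
//   return redirect(safeInternalPath(formData.get("next"), "/home"));
```

This check complements the version upgrade; it does not replace it.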
Exploit
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
React Router