Bug 2362232 (CVE-2025-43864)

Summary: CVE-2025-43864 react-router: React Router allows a DoS via cache poisoning by forcing SPA mode
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aazores, abarbaro, abrianik, adudiak, adupliak, alcohan, anjoseph, anpicker, asoldano, aveerama, bbaranow, bdettelb, bmaxwell, boliveir, bparees, brian.stansberry, brking, caswilli, cdaley, cdewolf, cmah, cmiranda, crizzo, darran.lofthouse, dhanak, dkreling, doconnor, dosoudil, dranck, drichtar, dsimansk, dymurray, eaguilar, ebaron, ecerquei, eric.wittmann, fdeutsch, fjuma, ggrzybek, gmalinko, gparvin, haoli, hasun, hkataria, ibek, ibolton, istudens, ivassile, iweiss, jajackso, janstey, jcammara, jcantril, jchui, jfula, jhe, jkoehler, jkoops, jmatthew, jmitchel, jmontleo, jneedle, jolong, jowilson, jprabhak, jrokos, jwendell, jwong, kaycoth, kegrant, kingland, koliveir, kshier, ktsao, kverlaen, lgao, lphiri, mabashia, manissin, matzew, mnovotny, mosmerov, msochure, msvehla, mwringe, nboldt, nipatil, njean, nwallace, nyancey, omaciel, ometelka, oramraz, owatkins, pahickey, pantinor, parichar, pbraun, pcongius, pdelbell, pdrozd, peholase, periklis, pesilva, pgaikwad, pjindal, pmackay, porcelli, pskopek, psrna, ptisnovs, rcernich, rguimara, rhaigner, rjohnson, rkubis, rmartinc, rojacob, rowaters, rstancel, rstepani, sausingh, sdawley, sfroberg, shvarugh, simaishi, slucidi, smaestri, smcdonal, smullick, sseago, stcannon, sthorger, stirabos, syedriko, tasato, teagle, tfister, thason, thavo, tom.jenkinson, wtam, xdharmai, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the React Router. This vulnerability allows an attacker to trigger a rendering error via a crafted X-React-Router-SPA-Mode header, which can result in cache poisoning. If a caching system is in place, the corrupted error response may be cached and served to subsequent users, significantly impacting application availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-04-25 01:01:08 UTC 
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.