Bug 2428417 (CVE-2025-68470)

Summary: CVE-2025-68470 react-router: React Router unexpected external redirect
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aazores, abarbaro, abokovoy, abrianik, alcohan, alizardo, anjoseph, anpicker, anthomas, aschwart, asoldano, bbaranow, bdettelb, bmaxwell, boliveir, bparees, brasmith, brian.stansberry, carogers, caswilli, cmah, cochase, darran.lofthouse, dbosanac, dhanak, dnakabaa, doconnor, dosoudil, dranck, drosa, dymurray, eaguilar, ebaron, ehelms, erezende, eric.wittmann, fdeutsch, frenaud, ftrivino, ggainey, ggrzybek, gmalinko, gparvin, haoli, hasun, hkataria, ibek, ibolton, istudens, ivassile, iweiss, jajackso, janstey, jbalunas, jcammara, jcantril, jchui, jfula, jhe, jkoehler, jmatthew, jmitchel, jmontleo, jneedle, joehler, jolong, jowilson, jprabhak, jreimann, jrokos, juwatts, kaycoth, kegrant, koliveir, kshier, ktsao, kverlaen, lball, lcouzens, lphiri, mabashia, manissin, mdessi, mhulan, mnovotny, mosmerov, mposolda, mrizzi, mskarbek, msvehla, mwringe, nboldt, ngough, nipatil, nmoumoul, nwallace, nyancey, ometelka, oramraz, osousa, owatkins, pahickey, pantinor, parichar, pberan, pbizzarr, pbohmill, pbraun, pcattana, pcreech, pdelbell, pesilva, pgaikwad, pjindal, pmackay, psrna, ptisnovs, rchan, rhaigner, rjohnson, rkubis, rmartinc, rojacob, rstancel, rstepani, sausingh, sdawley, sdoran, shvarugh, simaishi, slucidi, smaestri, smallamp, smcdonal, smullick, sseago, ssilvert, stcannon, sthorger, stirabos, syedriko, tasato, teagle, tfister, thason, thavo, tmalecek, tom.jenkinson, veshanka, vmuzikar, wtam, xdharmai, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
An open redirect flaw has been discovered in the react-router npm library. An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2428794, 2428795, 2428786, 2428787, 2428788, 2428789, 2428790, 2428791, 2428792, 2428793    
Bug Blocks:    

Description OSIDB Bzimport 2026-01-10 04:01:52 UTC
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.