CVE-2025-43864

React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2.


We have discovered 1 live website that is affected by CVE-2025-43864.




Affected Software

Product  React Router DOM
Category JavaScript Libraries
Vulnerable Domains  1 live website (0.12% of React Router DOM install base)
Vulnerable Versions
  • from 7.2 through 7.5.2
Vulnerable Versions Count  0 versions (less than 0.1% of all versions)


Common Weakness Enumeration

CWE-755 Improper Handling of Exceptional Conditions



Details

  • Published - Apr 25, 2025
  • Updated - Apr 25, 2025

Website Distribution by Country

Number of websites affected by CVE-2025-43864
United States  1 website


Websites affected by CVE-2025-43864

Top websites that are affected by CVE-2025-43864.
Domain     Country        Rank     Contacts
*****.run  United States  ***,***

FAQ

CVE-2025-43864 is Improper Handling of Exceptional Conditions in React Router DOM
A total of 1 website has been identified as vulnerable to CVE-2025-43864, based on global website indexing conducted by WebTechSurvey.
React Router DOM is affected by the CVE-2025-43864 vulnerability.
React Router DOM versions up to 7.5.2 are vulnerable to CVE-2025-43864.
CVE-2025-43864 is resolved in version 7.5.2 of React Router DOM.