CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2025-31137

Critical Severity
SVRS
78/100
CVSSv3
7.5/10
EPSS
0.00057/1

CVE-2025-31137 is a URL spoofing vulnerability affecting Remix 2 and React Router 7 when using the Express adapter. This vulnerability allows attackers to manipulate the URL used in incoming requests by injecting a pathname into the port section of a Host or X-Forwarded-Host header. With a CVSS score of 7.5 and an SVRS of 78, this vulnerability is considered high severity and requires prompt attention. Although not critical (SVRS > 80), the potential for URL spoofing can lead to various exploits, including unauthorized access and data manipulation. Update to Remix 2.16.3 or React Router 7.4.1 to mitigate this security risk. This issue highlights the importance of validating headers in web applications to prevent malicious manipulation. The patch addresses the improper handling of URL pathnames in the host header.

TAGS
X_refsource_CONFIRM
VECTOR STRING
CVSS:3.0
AV:N
AC:L
PR:N
UI:N
S:U
C:N
I:N
A:H
PUBLICATION DATE2025-04-02
LAST MODIFIED2025-04-01

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

No news found for this CVE

Social Media

@zhero___ @inzo____ 1. CVE-2025-31137
1
0
0
@Rod64847002 @zhero___ @inzo____ CVE-2025-31137 is a high-severity vulnerability in React Router, affecting @react-router/express (versions 7.0.0-7.4.0) and @remix-run/express (versions >=2.11.1). Attackers can manipulate URLs, potentially causing cache poisoning or bypassing Web Application Firewalls. The issue
0
0
0
Warning: HTTP Request/Response Smuggling vulnerability in #React library react-router (Remix). #CVE-2025-31137, CVSS 7.5. Attackers can spoof the URLs of incoming requests, which can lead to unexpected behavior. #Patch #Patch #Patch More info: https://t.co/RHKVEr4I06
0
1
0
⚡️The vulnerability details are now available: https://t.co/Ems1GIh4fL 🚨🚨CVE-2025-31137 (CVSS 7.5): React Router’s latest vuln is leaving Remix 2 & React Router 7 apps WIDE OPEN to cache poisoning and WAF bypass attacks. If you’re running the Express adapter, you’re in the https://t.co/hBSmxSN9A2
0
0
0
🚨Alert🚨 CVE-2025-31137: React Router Vulnerability Exposes Web Apps to Cache Poisoning and WAF Bypass Attacks 🧐Deep Dive from @zhero___ & @inzo____:https://t.co/ILlL7681Ct 📊 11K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/H0UnTAirSw https://t.co/lNIuOt6LO8
0
2
2
CVE-2025-31137: React Router Vulnerability Exposes Web Apps to Cache Poisoning and WAF Bypass Attacks https://t.co/ICTVMOKfkq
0
0
0
A newly discovered flaw, CVE-2025-31137, has been identified in React Router, a popular library used for managing routing in React applications React Router is a widely used library, with one report stating it has over 13.2 million weekly downloads https://t.co/ODjeOlgdm6
0
1
3
New paper on a vulnerability discovered in React Router, resulting from a collaboration between @zhero___ and @inzo____, which led to CVE-2025-31137: 'React Router and the Remix'ed Path. https://t.co/Wdo4g77aV8 https://t.co/k1dyS9WOpx
0
0
3
@rkreddyp @zhero___ @inzo____ CVE-2025-31137: Upgrade to React Router 7.4.1 or Remix 2.16.3. This patch fixes URL manipulation via Host/X-Forwarded-Host headers, preventing potential cache poisoning DoS attacks. Severity: High (CVSS 7.5).
1
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
HTTPS://GITHUB.COM/REMIX-RUN/REACT-ROUTER/SECURITY/ADVISORIES/GHSA-4Q56-CRQP-V477https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477
[email protected]https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477

CWE Details

CWE IDCWE NameDescription
CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to smuggle a request to one device without the other device being aware of it.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence