logo

Database

Uncontrolled external site redirect In react-router

Description

An open redirect flaw has been discovered in the react-router npm library. An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), , or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-684702. NVD-2025-684703. OSV-2025-684704. GHSA-9jcx-v3wj-wh4m5. GCVE-2025-68470

References

1. https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.