A vulnerability CVE-2025-31137 in React Router is leaving Remix 2 and React Router 7 apps vulnerable to cache poisoning and WAF bypass attacks. Users running the Express adapter are at risk. For more technical details, visit: https://t.co/Ems1GIh4fL
??The vulnerability details are now available: https://t.co/Ems1GIh4fL
??CVE-2025-31137 (CVSS 7.5): React Router’s latest vuln is leaving Remix 2 & React Router 7 apps WIDE OPEN to cache poisoning and WAF bypass attacks. If you’re running the Express adapter, you’re in the… https://t.co/w9C3GIVm83 pic.twitter.com/hBSmxSN9A2
— ZoomEye (@zoomeye_team) April 3, 2025