A critical security vulnerability, CVE-2025-31137, has been identified in React Router, a popular library used by millions of developers for managing routing in React applications.
Security researchers from zhero_web_security discovered this flaw, which affects both React Router 7 and Remix 2 frameworks when using the Express adapter. It could potentially expose web applications to cache poisoning and web application firewall (WAF) bypass attacks.
https://cybersecuritynews.com/react-rou ... -web-apps/