CVE Vulnerabilities

CVE-2025-43865

Insufficient Verification of Data Authenticity

Published: Apr 25, 2025 | Modified: Apr 29, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Ubuntu

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, its possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has been patched in version 7.5.2.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Red Hat OpenShift AI 2.23 RedHat registry.redhat.io/rhoai/odh-dashboard-rhel9:sha256:6c224113a2be4fa3fdf49c91300068af94524de4217b6c0f76208ecb6eafdf91 *

References