THREATOPS
THREAT OPSThreat News › [NVD] CVE-2025-61686 (CRITICAL 9.1) — React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in

[NVD] CVE-2025-61686 (CRITICAL 9.1) — React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in

lownvdPublished 2026-01-10

CVE-2025-61686 CVSS: 9.1 CRITICAL Published: 2026-01-10T03:15:48.283

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-61686