How severe is CVE-2025-43865?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2025-43865?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2025-43865 - HIGH Severity | CVSS 8.2

Vulnerability Description

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has been patched in version 7.5.2.

Related Vulnerabilities

CVE-2018-7798

HIGH

CVSS:8.2(High)

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when ...

CWE-3452018

CVE-2016-2346

HIGH

CVSS:8.1(High)

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-...

CWE-3452016

CVE-2017-11103

HIGH

CVSS:8.1(High)

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. I...

CWE-3452017

CVE-2017-11130

HIGH

CVSS:8.1(High)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In t...

CWE-3452017

CVE-2017-17023

HIGH

CVSS:8.1(High)

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure ...

CWE-3452017

CVE-2017-2667

HIGH

CVSS:8.1(High)

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not che...

CWE-3452017