We looked deeply into this React Router/Remix CVE and deployed mitigation for Vercel customers through our firewall - It enables stored XSS (Attack impacts later visitors) - Likelihood that any React Router/Remix site is impacted is high - If using another CDN action may be required - Version upgrade highly recommended Details https://t.co/vS0r1Ev4P0
another research effort with @inzo____ led to the discovery of two new vulnerabilities in React Router (14M+ downloads/week), resulting in: - CVE-2025-43865 (High-8.2) - CVE-2025-43864 (High-7.5)
