CVE-2025-68470

medium

Red Hat

CVSS v3 Base Score

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Published: January 10, 2026

Last Modified: January 10, 2026

Vendor: Red Hat

Description

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.

CWE

CWE-601

Affected Products

Cryostat 4Gatekeeper 3Logging Subsystem for Red Hat OpenShiftMigration Toolkit for Applications 7Migration Toolkit for Applications 8Migration Toolkit for ContainersMigration Toolkit for VirtualizationMulticluster Engine for KubernetesNetwork Observability OperatorNode HealthCheck Operator

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com

CVE-2025-68470

Vulnerability Report

Description

CWE

Affected Products

References