CVE-2025-68470

medium Red Hat
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 90% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
High
Availability
None
Published: January 10, 2026 (125 days ago)
Last Modified: January 10, 2026
Vendor: Red Hat

Description

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.

CWE

CWE-601

Affected Products

Cryostat 4Gatekeeper 3Logging Subsystem for Red Hat OpenShiftMigration Toolkit for Applications 7Migration Toolkit for Applications 8Migration Toolkit for ContainersMigration Toolkit for VirtualizationMulticluster Engine for KubernetesNetwork Observability OperatorNode HealthCheck Operator

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com