CVE-2025-61686P2CRITICALCVSS 9.1≥ 7.0.0, < 7.9.42026-01-10
CVE-2025-61686 [CRITICAL] CWE-22 CVE-2025-61686: React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/d
React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to
nvd