Home > Vulnerability Database > CVE-2025-59057

Mend.io Vulnerability Database

CVE-2025-59057

Good to know:

Date: January 9, 2026

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. There is no impact if the application is being used in Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>). This issue has been patched in @remix-run/react version 2.17.1 and react-router version 7.9.0.

Severity Score

7.6

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59057

Url: https://github.com/remix-run/react-router

Url: https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8

Url: https://www.mend.io/vulnerability-database/CVE-2025-59057

Severity Score

7.6

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version react-router - 7.9.0;react-router - 7.9.0;@remix-run/react - 2.17.1;https://github.com/remix-run/react-router.git - react-router@7.9.0

Learn More

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59057

Good to know:

Date: January 9, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?