{"vulnerability": "CVE-2025-31137", "sightings": [{"uuid": "90123b3a-ba9f-4b2b-98ac-4f50a179035e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "published-proof-of-concept", "source": "Telegram/m_VX8ITBtSBz-wC_458XeKLmc3TfY-HOZ02yPgCyfuW9sk0", "content": "", "creation_timestamp": "2025-04-23T21:00:07.000000Z"}, {"uuid": "87c8a6f5-45de-492a-8bf6-3cf0bae2f02b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3llva3g6nzb2j", "content": "", "creation_timestamp": "2025-04-03T06:02:12.751794Z"}, {"uuid": "84469591-2a35-4542-a94e-b66778d7a84c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3llvh4u3jhc2s", "content": "", "creation_timestamp": "2025-04-03T08:08:19.661467Z"}, {"uuid": "60a95730-64b0-4a7e-9e53-c5caec9ce2c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-31137", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lm4rxzkid22o", "content": "", "creation_timestamp": "2025-04-06T06:11:04.303905Z"}, {"uuid": "8a7b84f9-d2d1-4de4-96fb-a39a863058a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://bsky.app/profile/feedbot.unronritaro.net/post/3lmzw7gaugj2u", "content": "", "creation_timestamp": "2025-04-17T20:14:01.325799Z"}, {"uuid": "b0a12f19-8a19-46e3-8625-a12c0dfd3627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-31137", "type": "seen", "source": "https://bsky.app/profile/rss.y-u-e.workers.dev/post/3ln3azc3paf2b", "content": "", "creation_timestamp": "2025-04-18T09:00:06.081484Z"}, {"uuid": "7e693e1e-427a-44ca-8357-5d6d398a2d5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://bsky.app/profile/kriware.bsky.social/post/3lnmil7z3l22g", "content": "", "creation_timestamp": "2025-04-25T05:30:38.344794Z"}, {"uuid": "3c82d645-1428-44f4-bd89-888c536dbdf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9963", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31137\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.\n\ud83d\udccf Published: 2025-04-01T18:20:32.660Z\n\ud83d\udccf Modified: 2025-04-01T18:20:32.660Z\n\ud83d\udd17 References:\n1. https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477", "creation_timestamp": "2025-04-01T18:32:39.000000Z"}, {"uuid": "23aa2a93-a20d-4dd5-a8b5-3c5f18dcf414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbvgsji25", "content": "", "creation_timestamp": "2025-08-03T21:02:42.919920Z"}, {"uuid": "b9375aaa-f5ef-45fe-b499-1a462eb9fe66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114264388612256212", "content": "", "creation_timestamp": "2025-04-01T19:36:44.134042Z"}, {"uuid": "8f49a193-a346-4abe-9b84-e048a1747bc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114264388612256212", "content": "", "creation_timestamp": "2025-04-01T19:36:44.132617Z"}, {"uuid": "f4e87b98-7bf9-44ff-8e10-986c98829b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://bsky.app/profile/slymb.net/post/3llwlf53yrs2e", "content": "", "creation_timestamp": "2025-04-03T18:57:15.324144Z"}, {"uuid": "67954322-d449-4fcb-8688-c824cc9fcff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3llx55dvlck2a", "content": "", "creation_timestamp": "2025-04-04T00:15:06.334340Z"}, {"uuid": "9aad20f3-fc67-49f6-a484-5ec50e145ef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31137", "type": "seen", "source": "https://t.me/cvedetector/21799", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31137 - Remix/React Router URL Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31137 \nPublished : April 1, 2025, 7:15 p.m. | 25\u00a0minutes ago \nDescription : React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T22:15:41.000000Z"}]}