
After their previous incident, Vercel has been quick to address any potential security threats in their system. Most recently, the company addressed two critical vulnerabilities, CVE-2025-43864 and CVE-2025-43865, affecting React Router versions 7.0.0 to 7.5.1, commonly used with the Remix framework. Both were reported by security researchers.
These flaws allowed attackers to exploit specific HTTP headers to poison caches, potentially leading to DoS attacks and stored XSS vulnerabilities.
Vercel updated their firewall to strip the malicious headers from incoming requests and purged CDN caches to prevent the spread of corrupted responses. The React Router team has released version 7.5.2, which patches these vulnerabilities.
For their safety, users should upgrade to this version and clear external caches.
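To check whether a project still resolves a version in the affected range, including copies nested under other dependencies that a top-level upgrade would miss, the lockfile can be scanned directly. The following is an added example, not code from Vercel or the React Router team; the function names and the sample lockfile are constructed for illustration, and it assumes an npm `package-lock.json` with a `packages` map (lockfileVersion 2 or 3).

```javascript
// Added example: flag react-router installs in the affected range (7.0.0 to 7.5.1).
const AFFECTED_MIN = [7, 0, 0]; // first affected version named in the article
const AFFECTED_MAX = [7, 5, 1]; // last affected version; 7.5.2 carries the fix

// Parse "major.minor.patch". Pre-release suffixes are ignored, so a
// pre-release of an affected version is conservatively treated as affected.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED_MIN) >= 0 && compare(v, AFFECTED_MAX) <= 0;
}

// Walk every entry of the lockfile's "packages" map, so nested copies
// (node_modules/<dep>/node_modules/react-router) are checked as well.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/react-router$/.test(path) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: top-level copy is patched, a nested copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/react-router": { version: "7.5.2" },
    "node_modules/react-router-dom": { version: "7.4.0" },
    "node_modules/some-widget/node_modules/react-router": { version: "7.3.0" },
    "node_modules/legacy/node_modules/react-router": { version: "6.28.0" },
  },
};

console.log(findAffected(SAMPLE_LOCK));
```

For a real project, pass the parsed contents of its `package-lock.json` to `findAffected` in place of `SAMPLE_LOCK`; an empty result means no resolved `react-router` copy falls in the affected range.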
Read Vercel’s changelog for more information.
