Remix Run Deno
1 CVEs
product
Monthly
React Router (@react-router/node 7.0.0-7.9.3) has a path traversal in file-based session storage when using unsigned cookies. Attackers can manipulate session file paths to read or write arbitrary files on the server.
Path Traversal
React Router Node
Remix Run Deno
Remix Run Node
NVD
GitHub
VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-61686
npm
EPSS 0%
CVSS 9.1
CRITICAL
PATCH
Act Now
React Router (@react-router/node 7.0.0-7.9.3) has a path traversal in file-based session storage when using unsigned cookies. Attackers can manipulate session file paths to read or write arbitrary files on the server.
Path Traversal
React Router Node
Remix Run Deno
+1
NVD
GitHub
VulDB