React Router createFileSessionStorage path traversal before 7.9.4/2.17.2
CVE-2025-61686 Published on January 10, 2026
React Router has Path Traversal in File Session Storage
React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the permissions of the web server process to access those files. Read files cannot be returned directly to the attacker. Session file reads would only succeed if the file matched the expected session file format. If the file matched the session file format, the data would be populated into the server side session but not directly returned to the attacker unless the application logic returned specific session information. This issue has been patched in @react-router/node version 7.9.4, @remix-run/deno version 2.17.2, and @remix-run/node version 2.17.2.
Vulnerability Analysis
CVE-2025-61686 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Privileges Required:
NONE
Confidentiality Impact:
HIGH
Availability Impact:
NONE
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2025-61686 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2025-61686
Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.
Affected Versions
remix-run
react-router:
-
Version @react-router/node >= 7.0.0, < 7.9.4
is affected.
-
Version @remix-run/deno < 2.17.2
is affected.
-
Version @remix-run/node < 2.17.2
is affected.
Red Hat
Cryostat 4:
Red Hat
Gatekeeper 3:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Logging Subsystem for Red Hat OpenShift:
Red Hat
Migration Toolkit for Applications 7:
Red Hat
Migration Toolkit for Applications 8:
Red Hat
Migration Toolkit for Containers:
Red Hat
Migration Toolkit for Virtualization:
Red Hat
Migration Toolkit for Virtualization:
Red Hat
Multicluster Engine for Kubernetes:
Red Hat
Multicluster Engine for Kubernetes:
Red Hat
Network Observability Operator:
Red Hat
Network Observability Operator:
Red Hat
Node HealthCheck Operator:
Red Hat
Node HealthCheck Operator:
Red Hat
Node HealthCheck Operator:
Red Hat
Node HealthCheck Operator:
Red Hat
OpenShift Lightspeed:
Red Hat
OpenShift Lightspeed:
Red Hat
OpenShift Pipelines:
Red Hat
OpenShift Pipelines:
Red Hat
OpenShift Pipelines:
Red Hat
OpenShift Pipelines:
Red Hat
OpenShift Pipelines:
Red Hat
OpenShift Service Mesh 2:
Red Hat
OpenShift Service Mesh 2:
Red Hat
OpenShift Service Mesh 3:
Red Hat
OpenShift Service Mesh 3:
Red Hat
OpenShift Service Mesh 3:
Red Hat
OpenShift Service Mesh 3:
Red Hat Advanced Cluster Management for Kubernetes 2:
Red Hat Advanced Cluster Management for Kubernetes 2:
Red Hat Advanced Cluster Management for Kubernetes 2:
Red Hat Advanced Cluster Management for Kubernetes 2:
Red Hat Advanced Cluster Management for Kubernetes 2:
Red Hat Advanced Cluster Management for Kubernetes 2:
Red Hat Advanced Cluster Security 4:
Red Hat Advanced Cluster Security 4:
Red Hat Advanced Cluster Security 4:
Red Hat Advanced Cluster Security 4:
Red Hat Advanced Cluster Security 4:
Red Hat Advanced Cluster Security 4:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat Ansible Automation Platform 2:
Red Hat build of Apache Camel - HawtIO 4:
Red Hat build of Apicurio Registry 2:
Red Hat Build of Kueue:
Red Hat Build of Kueue:
Red Hat Build of Kueue:
Red Hat Build of Kueue:
Red Hat build of OptaPlanner 8:
Red Hat Connectivity Link 1:
Red Hat Data Grid 8:
Red Hat Developer Hub:
Red Hat Discovery 2:
Red Hat Edge Manager 1:
Red Hat Edge Manager 1:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Edge Manager preview:
Red Hat Enterprise Linux 10:
Red Hat Enterprise Linux 8:
Red Hat Enterprise Linux 8:
Red Hat Enterprise Linux 9:
Red Hat Fuse 7:
Red Hat JBoss Enterprise Application Platform 8:
Red Hat JBoss Enterprise Application Platform Expansion Pack:
Red Hat OpenShift AI (RHOAI):
Red Hat OpenShift AI (RHOAI):
Red Hat OpenShift AI (RHOAI):
Red Hat OpenShift AI (RHOAI):
Red Hat OpenShift AI (RHOAI):
Red Hat OpenShift AI (RHOAI):
Red Hat OpenShift AI (RHOAI):
Red Hat OpenShift Container Platform 4:
Red Hat OpenShift Container Platform 4:
Red Hat OpenShift Container Platform 4:
Red Hat OpenShift Container Platform 4:
Red Hat OpenShift Container Platform 4:
Red Hat OpenShift Container Platform 4:
Red Hat OpenShift Container Platform 4:
Red Hat OpenShift Container Platform 4:
Red Hat Openshift Data Foundation 4:
Red Hat Openshift Data Foundation 4:
Red Hat Openshift Data Foundation 4:
Red Hat OpenShift Dev Spaces:
Red Hat OpenShift Dev Spaces:
Red Hat OpenShift distributed tracing 3:
Red Hat OpenShift GitOps:
Red Hat OpenShift GitOps:
Red Hat OpenShift GitOps:
Red Hat OpenShift GitOps:
Red Hat OpenShift GitOps:
Red Hat OpenShift Virtualization 4:
Red Hat OpenShift Virtualization 4:
Red Hat Process Automation 7:
Red Hat Quay 3:
Red Hat Quay 3:
Red Hat Satellite 6:
Red Hat Satellite 6:
Red Hat Satellite 6:
Red Hat Satellite 6:
Red Hat Satellite 6:
Red Hat Single Sign-On 7:
Red Hat Trusted Artifact Signer:
Red Hat Trusted Profile Analyzer:
Vulnerable Packages
The following package name and versions may be associated with CVE-2025-61686
| Package Manager |
Vulnerable Package |
Versions |
Fixed In |
| npm |
@remix-run/deno |
<= 2.17.1 |
2.17.2 |
| npm |
@remix-run/node |
<= 2.17.1 |
2.17.2 |
| npm |
@react-router/node |
>= 7.0.0, <= 7.9.3 |
7.9.4 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.