Security Bulletin: XSS Vulnerability in React Router meta()/Meta APIs During SSR, affects watsonx.data

Summary React Router @remix-run/react 1.15.0–2.17.0, react-router 7.0.0–7.8.2 is vulnerable to XSS in meta/Meta APIs when generating script:ld+json tags in Framework Mode. Arbitrary JavaScript could execute during SSR if untrusted content is used. No impact occurs in Declarative Mode BrowserRoute...

CVE-2025-59057

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...