CVE-2025-27610

EPSS 0.32%
Veröffentlicht 10.03.2025 23:15:35
Zuletzt bearbeitet 03.11.2025 22:18:43
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of `Rack::Static`, or ensuring that `root:` points at a directory path which only contains files which should be accessed publicly. It is likely that a CDN or similar static file server would also mitigate the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rack ≫ Rack SwPlatformruby Version < 2.2.13

Rack ≫ Rack SwPlatformruby Version >= 3.0.0 < 3.0.14

Rack ≫ Rack SwPlatformruby Version >= 3.1.0 < 3.1.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.542

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583

Patch

https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v

Vendor Advisory

Mitigation

https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html

https://nvd.nist.gov/vuln/detail/CVE-2025-27610

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27610

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27610

EUVD