Ubuntu update for ruby-rack
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2025-25184 CVE-2025-27111 CVE-2025-27610 |
| CWE-ID | CWE-93 CWE-117 CWE-22 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system ruby-rack (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) CRLF injection
EUVDB-ID: #VU105794
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-25184
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to manipulate data log entries.
The vulnerability exists due to insufficient validation of attacker-supplied data in Rack::CommonLogger. A remote user can pass specially crafted authorization credentials containing CR-LF characters to the Rack::Auth::Basic method, which stores this info into the to the env['REMOTE_USER'] variable. If the application accepts CR-LF characters in user name, a remote user can manipulate data log entries.
Update the affected package ruby-rack to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 24.10
ruby-rack (Ubuntu package): before Ubuntu Pro
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ruby-rack_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7366-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Output Neutralization for Logs
EUVDB-ID: #VU105795
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-27111
CWE-ID:
CWE-117 - Improper Output Neutralization for Logs
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate log entries.
The vulnerability exists due to improper input validation of the X-Sendfile-Type header in Rack::Sendfile when handling. A remote attacker can send specially crafted data containing newline characters via the affected header and manipulate log files.
Update the affected package ruby-rack to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 24.10
ruby-rack (Ubuntu package): before Ubuntu Pro
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7366-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU105796
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-27610
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in Rack::Static. A remote attacker can read arbitrary files on the system.
MitigationUpdate the affected package ruby-rack to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 24.10
ruby-rack (Ubuntu package): before Ubuntu Pro
CPE2.3 External linkshttps://ubuntu.com/security/notices/USN-7366-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
