Ruby Rack vulnerabilities detailed in research.
Three vulnerabilities have been discovered in Rack, the Ruby web server interface, which could allow unauthorised access to files and allow log content and entries to be manipulated.
Discovered by OPSWAT, the vulnerabilities were detailed as:
CVE-2025-27610 (CVSS score of 7.5) - The most severe of the three is a path traversal vulnerability caused by improper handling of the :root option of Rack::Static, which defines the base directory from which static files are served; a crafted request can reach files outside that directory.
CVE-2025-27111 (CVSS score of 6.9) - This security flaw allows attackers to inject and manipulate log content through malicious header values. Attackers could insert fraudulent entries, potentially obscuring real activity, or inject malicious data into log files.
CVE-2025-25184 (CVSS score of 5.4) - This vulnerability enables attackers to perform log injections via CRLF (Carriage Return Line Feed) characters, potentially manipulating log entries, masking real activity, or inserting malicious data into log files.
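As an added example, not Rack's own code and not taken from the OPSWAT research, the Ruby below shows generic guards for the two bug classes listed above: a root-confinement check for a static file server (path traversal) and a control-character escaping step for request values that reach a line-oriented log (CRLF/log injection). The directory layout, header values and log line format are constructed for the example.

```ruby
# Added example (not Rack's code): generic guards against the two bug classes
# described above. File layout, header values and log format are constructed.
require "tmpdir"
require "fileutils"

# Percent-decode a request path so encoded dot segments ("%2e%2e", "%2f") are
# seen for what they are before the traversal check runs. ASCII paths only.
def percent_decode(path)
  path.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Map a request path onto a file under +root+. Return nil if the normalised
# result would leave the root directory or if the path contains a NUL byte.
def safe_static_path(root, request_path)
  root = File.expand_path(root)
  decoded = percent_decode(request_path)
  return nil if decoded.include?("\0")
  candidate = File.expand_path(File.join(root, decoded)) # collapses ".."
  inside = candidate == root || candidate.start_with?(root + File::SEPARATOR)
  inside ? candidate : nil
end

# Naive logger: header values interpolated verbatim, so an embedded "\r\n"
# starts a second, attacker-authored log line.
def naive_log_line(remote_addr, path, user_agent)
  "#{remote_addr} \"#{path}\" \"#{user_agent}\"\n"
end

# Escape CR, LF and other control characters so a value can only occupy the
# single log line it was written to.
def sanitize_for_log(value)
  value.to_s.gsub(/[\x00-\x1F\x7F]/) { |c| format("\\x%02X", c.ord) }
end

def safe_log_line(remote_addr, path, user_agent)
  "#{sanitize_for_log(remote_addr)} \"#{sanitize_for_log(path)}\" " \
    "\"#{sanitize_for_log(user_agent)}\"\n"
end

# Constructed User-Agent value carrying a forged second entry.
FORGED_UA = "Mozilla/5.0\r\n10.0.0.9 \"GET /admin\" 200"

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    root = File.join(dir, "public")
    FileUtils.mkdir_p(root)
    File.write(File.join(root, "index.html"), "<h1>hi</h1>")
    File.write(File.join(dir, "secret.txt"), "outside the root")

    p safe_static_path(root, "/index.html")        # path under root
    p safe_static_path(root, "/../secret.txt")     # nil: escapes root
    p safe_static_path(root, "/%2e%2e/secret.txt") # nil: encoded traversal
  end

  puts naive_log_line("203.0.113.5", "GET /", FORGED_UA).lines.size # 2
  puts safe_log_line("203.0.113.5", "GET /", FORGED_UA).lines.size  # 1
end
```

The traversal check compares the fully normalised candidate against the normalised root rather than looking for a literal ".." substring, so encoded and mixed-separator variants are handled the same way; the log guard escapes the whole control range rather than only CR and LF, which also stops terminal escape sequences from reaching anyone who tails the log.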
OPSWAT researchers recommended that developers update Rack, as the Rack maintainers have fixed the bugs in the newest releases. If you are using Rack, update it immediately to the latest version.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.