US EditionRack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) - Help Net Security
This story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.3 Articles
3 Articles
Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) - Help Net Security
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate log content and entries, while the third one – CVE-2025-27610 – is a path traversal vulnerability that may allow attackers to gain unauthorized access to sensitive information. About C…
The Hacker News
unsafe.shResearchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below CVE-2025-27610 (CVSS score: 7.5) - A path traversal
Coverage Details
Bias Distribution
- There is no tracked Bias information for the sources covering this story.
To view factuality data please Upgrade to Premium
Ownership
To view ownership data please Upgrade to Vantage
