PT-2025-10642 · Rack+6

Masamuneee · Published 2025-03-10 · Updated 2026-03-04 · CVE-2025-27610

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Rack versions prior to 2.2.13
Rack versions prior to 3.0.14
Rack versions prior to 3.1.12

Description

The issue arises from the Rack::Static component not properly sanitizing user-supplied paths before serving files, allowing encoded path traversal sequences to be used to access files outside the designated static file directory. This can lead to exposure of files under the specified root: directory.

Recommendations

For versions prior to 2.2.13, update to version 2.2.13 or later. For versions prior to 3.0.14, update to version 3.0.14 or later. For versions prior to 3.1.12, update to version 3.1.12 or later. As a temporary workaround, consider removing usage of Rack::Static, or ensure that root: points to a directory path which only contains files that should be accessed publicly.
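The check a static-file handler needs, shown as an added example that is not Rack's code and not the fix shipped in the patched versions: the requested path is percent-decoded, resolved against the configured root, and served only if the resolved path still lies inside that root. The root directory and the sample request paths are constructed for the illustration; `safe_static_path` is a hypothetical helper, not a Rack API.

```ruby
require "pathname"

# Resolve a user-supplied URL path against a static root and return the
# absolute file path to serve, or nil if the request would leave the root.
# Constructed illustration of the kind of check the advisory describes as
# missing in Rack::Static before the fix; not Rack's implementation.
def safe_static_path(root, request_path)
  # Decode percent-encoding first, so that traversal sequences hidden behind
  # encoding are checked in their decoded form, the form the filesystem sees.
  decoded = request_path.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }

  # NUL bytes can truncate paths in lower-level APIs; never pass them on.
  return nil if decoded.include?("\0")

  root_real = File.expand_path(root)
  # Treat the URL path as relative to the root (strip leading slashes), then
  # normalise "." and ".." segments by resolving to an absolute path.
  candidate = File.expand_path(decoded.sub(%r{\A/+}, ""), root_real)

  # Serve only if the resolved path is the root itself or sits below it.
  inside = candidate == root_real || candidate.start_with?(root_real + File::SEPARATOR)
  inside ? candidate : nil
end

# Constructed sample requests against a constructed root; returns a hash of
# request path => resolved path (or nil when rejected).
def demo(root = "/srv/public")
  [
    "/css/app.css",                 # ordinary file under the root
    "/img/../index.html",           # ".." that stays inside the root
    "/../etc/passwd",               # plain traversal out of the root
    "/%2e%2e/%2e%2e/etc/passwd",    # percent-encoded traversal out of the root
    "/%2e%2e%2fetc%2fpasswd"        # encoded separators as well as dots
  ].each_with_object({}) { |path, out| out[path] = safe_static_path(root, path) }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |req, resolved| puts "#{req.ljust(30)} => #{resolved.inspect}" }
end
```

The root does not have to exist for the resolution step, which makes the check easy to unit-test; in a real handler, follow it with `File.realpath` on the resolved file so that symlinks under the root cannot point elsewhere, and keep root: limited to files meant to be public, as the recommendation above advises.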

Exploit

Fix

Weakness Enumeration

Relative Path Traversal

Related Identifiers

BDU:2025-02581
CVE-2025-27610
DLA-4090-1
DSA-5886-1
GHSA-7WQH-767X-R66V
MGASA-2025-0311
OESA-2025-1299
OPENSUSE-SU-2025:14876-1
OPENSUSE-SU-2025_0858-1
OPENSUSE-SU-2025_0874-1
OPENSUSE-SU-2026:10286-1
RHSA-2025:3490
RHSA-2025:3491
RHSA-2025:3492
RHSA-2025:4576
SUSE-SU-2025:0858-1
SUSE-SU-2025:0874-1
USN-7366-1
USN-7366-2

Affected Products

Astra Linux
Debian
Linuxmint
Rack
Red Os
Suse
Ubuntu