PT-2025-33099 · Unknown+1 · Active Record+1

Published: 2025-08-13 · Updated: 2026-03-13 · CVE-2025-55193

CVSS v4.0: 2.7 (Low)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions:
Active Record versions prior to 7.1.5.2
Active Record versions prior to 7.2.2.2
Active Record versions prior to 8.0.2.1

Description: Active Record connects classes to relational database tables. The ID passed to find or similar methods may be logged without escaping. If such logs are written directly to the terminal, they may include unescaped ANSI sequences.

Recommendations:
Update to Active Record version 7.1.5.2 or later.
Update to Active Record version 7.2.2.2 or later.
Update to Active Record version 8.0.2.1 or later.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-55193
DLA-4416-1
DSA-6090-1
GHSA-76R7-HHXJ-R776
OPENSUSE-SU-2025:15479-1
OPENSUSE-SU-2026:10343-1
OPENSUSE-SU-2026:20025-1
SUSE-SU-2026:20091-1
SUSE-SU-2026:20093-1

Affected Products

Active Record
Debian