PT-2025-40972 · Ruby+8

Chongfujun +2 · Published 2025-01-01 · Updated 2026-05-12 · CVE-2025-61594

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ruby versions prior to 3.4.7

Description

The URI gem contained a flaw that allowed credential leakage, bypassing previous fixes. The issue affects systems that use the URI gem and could expose sensitive information.

Recommendations

Update to Ruby version 3.4.7 or later. Update the uri gem to the latest version.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALSA-2025:23062
ALSA-2025:23063
ALSA-2025:23141
AZL-73356
AZL-73391
BDU:2026-06689
CVE-2025-61594
ECHO-708D-96AD-F256
GHSA-J4PR-3WM6-XX2R
OESA-2025-2655
OPENSUSE-SU-2025:15614-1
USN-8137-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Ruby
Ubuntu