PT-2025-41597 · Sinatra
Published 2025-10-08 · Updated 2025-10-14
CVE-2025-61921
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Sinatra versions prior to 4.2.0
Description
Sinatra, a domain-specific language for creating web applications in Ruby, contains an issue where carefully crafted input can cause excessive processing time during the parsing of the If-Match and If-None-Match request headers. The parsing happens whenever a route uses the etag method to construct its response: the method compares the ETag it sets against the entity tags listed in those client-supplied headers to decide between a normal response, 304 Not Modified and 412 Precondition Failed. Because the header values are attacker-controlled and no authentication is required, a single request with a crafted value can consume disproportionate CPU time on the server, potentially leading to a denial of service.
Recommendations
Update to Sinatra version 4.2.0 or later.
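The following Ruby snippet is an added illustration of the kind of header handling described above; it is not code from this page or from the Sinatra project. It reconstructs what an etag helper does with the client-supplied If-Match / If-None-Match values, with a matcher that splits the header on a whitespace-padded comma regex (my assumption about the shape of the super-linear parsing, not a quote of Sinatra's source) beside a matcher that splits on the literal comma. The constant RESOURCE_ETAG, the functions etag_matches_regex_split?, etag_matches_linear?, conditional_status, hostile_header and scaling_report, and the hostile header layout are all constructed for this example.

```ruby
# Added example (not code from this page or from the Sinatra project):
# a minimal reconstruction of what an etag helper does with the client
# supplied If-Match / If-None-Match headers, with a super-linear and a
# linear way of splitting the header value. The regex below is my
# assumption about the shape of the vulnerable parsing, not a quote of
# Sinatra's source.

# Constructed sample: the ETag the handler computes for the resource.
RESOURCE_ETAG = '"abc123"'

# Super-linear matcher: split the header on a whitespace-padded comma.
# For a value made of a long run of spaces, a non-comma byte and then a
# comma, the regex engine tries every start offset and rescans the run
# of spaces from each one, so cost grows with the square of the length.
def etag_matches_regex_split?(header, etag)
  return true if header == '*'

  header.to_s.split(/\s*,\s*/).include?(etag)
end

# Linear matcher: split on the literal comma, then trim. Every byte of
# the header is visited a bounded number of times.
def etag_matches_linear?(header, etag)
  return true if header == '*'

  header.to_s.split(',').map(&:strip).include?(etag)
end

# Status a conditional request gets, following the RFC 9110 precedence
# (If-Match is evaluated before If-None-Match). Simplified: weak
# validators and the "new resource" case are ignored. Any matcher with
# the signature (header, etag) can be plugged in.
def conditional_status(method, headers, etag, matcher)
  if (if_match = headers['If-Match']) && !matcher.call(if_match, etag)
    return 412
  end
  if (if_none = headers['If-None-Match']) && matcher.call(if_none, etag)
    return %w[GET HEAD].include?(method) ? 304 : 412
  end
  200
end

# Constructed hostile header: n spaces, a filler byte, then the comma
# the regex is looking for.
def hostile_header(n)
  (' ' * n) + 'x,'
end

def elapsed
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  yield
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
end

# Returns [n, seconds_regex_split, seconds_literal_split] per size so
# the growth of each matcher can be compared directly.
def scaling_report(sizes)
  sizes.map do |n|
    h = hostile_header(n)
    [n,
     elapsed { etag_matches_regex_split?(h, RESOURCE_ETAG) },
     elapsed { etag_matches_linear?(h, RESOURCE_ETAG) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  scaling_report([2_000, 4_000, 8_000]).each do |n, slow, fast|
    printf("n=%-6d regex split %8.4fs   literal split %8.6fs\n", n, slow, fast)
  end
end
```

Run stand-alone, the report shows the regex-split column growing roughly fourfold each time the header doubles while the literal-split column stays flat; both matchers return the same answer on every header, so swapping the split strategy changes the cost of the check without changing the conditional-request semantics.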
Tags
DoS, Resource Exhaustion
Related Identifiers
CVE-2025-61921
Affected Products
Debian
Sinatra