PT-2025-7051 · Rack+6

Hexsave · Published 2025-02-12 · Updated 2026-03-13 · CVE-2025-25184

CVSS v4.0 7.1 High
Vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Rack versions prior to 2.2.11, 3.0.12, and 3.1.11
Description
Rack provides an interface for developing web applications in Ruby. When a user authenticates through Rack::Auth::Basic, the supplied username is stored in env['REMOTE_USER'], and Rack::CommonLogger then writes that value into each access-log line verbatim. The issue occurs when a server intentionally or unintentionally allows a user to be created with a username containing CRLF and whitespace characters, or simply logs every login attempt. If an attacker supplies a username containing CRLF characters, the logger writes the username, CRLF included, into the log file. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files.
Recommendations
  • Update to version 2.2.11 or later for Rack version 2.2.x
  • Update to version 3.0.12 or later for Rack version 3.0.x
  • Update to version 3.1.11 or later for Rack version 3.1.x
  • If updating is not immediately possible, as a temporary workaround consider restricting the use of Rack::CommonLogger, and avoid using the env['REMOTE_USER'] variable in the affected API endpoint until the fixed version is deployed.
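The log-injection mechanism from the description and the REMOTE_USER workaround from the recommendations, as an added example that is not Rack's own code: a stand-alone re-implementation of an Apache-style (Common Log Format) request logger modelled on what Rack::CommonLogger writes, with a vulnerable and a hardened formatter side by side, plus a hypothetical middleware that sanitises env["REMOTE_USER"] before a logger sees it. The fixed timestamp, the env hash, the forged record and the escape scheme are all constructed for this example; the escaping is this example's own choice and is not a copy of the upstream patch.

```ruby
# Added example, not Rack's own code: a stand-alone CLF logger modelled on the
# line Rack::CommonLogger writes, used to show how a CRLF inside
# env["REMOTE_USER"] forges log records and how escaping neutralises it.
# Names, the fixed timestamp and all sample input are constructed for the example.

CLF_FORMAT = %{%s - %s [%s] "%s %s %s" %s %s\n}
FIXED_TIME = "12/Feb/2025:10:00:00 +0000" # constructed, keeps output deterministic

# Vulnerable behaviour: every field, including the username, is interpolated
# into the log line verbatim, so a CR/LF inside REMOTE_USER ends the record.
def format_log_line_unsafe(env, status, length)
  CLF_FORMAT % [
    env["REMOTE_ADDR"] || "-",
    env["REMOTE_USER"] || "-",
    FIXED_TIME,
    env["REQUEST_METHOD"],
    env["PATH_INFO"],
    env["SERVER_PROTOCOL"],
    status,
    length,
  ]
end

# Hardened behaviour: replace CR, LF and any other non-printable character with
# a \xNN escape before the line is written. Escaping the whole rendered record
# (not only the username) also covers other attacker-influenced fields such as
# the path. This escape scheme is the example's choice, not the upstream fix.
def escape_control_chars(str)
  str.gsub(/[^[:print:]]/) { |c| format("\\x%02x", c.ord) }
end

def format_log_line_safe(env, status, length)
  escape_control_chars(format_log_line_unsafe(env, status, length).chomp) + "\n"
end

# Workaround-style middleware (hypothetical, not part of Rack): sanitise
# REMOTE_USER before it reaches a logger that trusts it. It belongs between
# the authentication middleware and the logger in the middleware stack.
class SanitizeRemoteUser
  def initialize(app)
    @app = app
  end

  def call(env)
    user = env["REMOTE_USER"]
    env["REMOTE_USER"] = escape_control_chars(user) if user
    @app.call(env)
  end
end

# Constructed attacker input: a Basic-auth username carrying a complete fake
# record between two CRLFs, so the forged line lands on its own in the file.
FORGED_ENTRY   = %{10.0.0.9 - admin [#{FIXED_TIME}] "DELETE /admin/users HTTP/1.1" 200 0}
MALICIOUS_USER = "alice\r\n#{FORGED_ENTRY}\r\n"

# Constructed Rack-style env for one request by the given user.
def sample_env(user)
  {
    "REMOTE_ADDR"     => "203.0.113.5",
    "REMOTE_USER"     => user,
    "REQUEST_METHOD"  => "GET",
    "PATH_INFO"       => "/login",
    "SERVER_PROTOCOL" => "HTTP/1.1",
  }
end

# How many records a log consumer sees for this ONE request.
def record_count(line)
  line.split(/\r?\n/).reject(&:empty?).size
end

# Triage helper for existing logs: records that do not parse as CLF. A forged
# record is usually well-formed and is NOT flagged; what gives the injection
# away is the torn fragments of the legitimate record around it.
CLF_RE = /\A\S+ - \S+ \[[^\]]+\] "[^"]*" \d{3} (\d+|-)\z/
def suspicious_records(log_text)
  log_text.split(/\r?\n/).reject { |l| l.empty? || l.match?(CLF_RE) }
end

if __FILE__ == $0
  env = sample_env(MALICIOUS_USER)
  puts "--- unsafe logger output (three records from one request) ---"
  print format_log_line_unsafe(env, 200, 5)
  puts "--- hardened logger output (one record, CRLF escaped) ---"
  print format_log_line_safe(env, 200, 5)
  puts "--- fragments in the unsafe output that fail to parse as CLF ---"
  puts suspicious_records(format_log_line_unsafe(env, 200, 5))
end
```

Running the file prints the forged "DELETE /admin/users" record sitting on its own line in the unsafe output, while the hardened logger keeps the whole request on one line with the CRLF visible as `\x0d\x0a`. The triage helper illustrates the investigative caveat: the forged record itself parses cleanly, so when hunting in existing logs look for the malformed fragments of the real record (a line ending at the username, a line beginning with the timestamp bracket) rather than for the fake entry.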

Exploit · Fix · DoS

Weakness Enumeration

Related Identifiers

BDU:2025-07021
CVE-2025-25184
DLA-4090-1
DSA-5886-1
GHSA-7G2V-JJ9Q-G3RG
INFSA-2025_7085
MGASA-2025-0311
OESA-2025-1299
OPENSUSE-SU-2025:0858-1
OPENSUSE-SU-2025:0874-1
OPENSUSE-SU-2025:14811-1
OPENSUSE-SU-2025:14875-1
OPENSUSE-SU-2026:10286-1
OPENSUSE-SU-2026:10358-1
RHSA-2025:7085
SUSE-SU-2025:0858-1
SUSE-SU-2025:0874-1
USN-7366-1
USN-7366-2

Affected Products

Debian
Linuxmint
Rack
Red Hat
Red Os
Suse
Ubuntu