PT-2025-9682 · Rack+5

Masamuneee · Published 2025-03-04 · Updated 2026-03-13

CVE-2025-27111

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Rack versions prior to 2.2.12
Rack versions prior to 3.0.13
Rack versions prior to 3.1.11

Description

The issue concerns the Rack::Sendfile middleware, which logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences, such as newline characters, into the header, resulting in log injection.

Recommendations

For versions prior to 2.2.12, update to version 2.2.12 or later. For versions prior to 3.0.13, update to version 3.0.13 or later. For versions prior to 3.1.11, update to version 3.1.11 or later.
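The log injection described above, shown as an added example that is not Rack's own code: a log call that interpolates the header value as-is beside a sanitizer that escapes control characters so one event always produces one log line. The X-Sendfile-Type value is constructed for the demonstration.

```ruby
require 'stringio'

# Constructed header value: a plausible type followed by CRLF and a fake
# log entry, the shape of input that turns one event into two log lines.
CRAFTED_TYPE = "X-Accel-Redirect\r\n[ERROR] forged entry"

# Vulnerable pattern: the raw header value is interpolated into the message,
# so any line breaks it carries end up as extra lines in the log.
def log_unsafe(type, io)
  io.puts "Unknown X-Sendfile-Type: #{type}"
end

# Hardened pattern: escape backslashes and every ASCII control character
# (0x00-0x1F, 0x7F) as \xHH before the value reaches the log line.
def sanitize_for_log(value)
  value.to_s.gsub(/[\\\x00-\x1f\x7f]/) do |c|
    c == '\\' ? '\\\\' : format('\\x%02X', c.ord)
  end
end

def log_safe(type, io)
  io.puts "Unknown X-Sendfile-Type: #{sanitize_for_log(type)}"
end

# Returns how many log lines a single logging call produced; a value above 1
# is the detection signal for this class of bug.
def line_count(type, logger)
  io = StringIO.new
  logger.call(type, io)
  io.string.lines.count
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe logger wrote #{line_count(CRAFTED_TYPE, method(:log_unsafe))} line(s)"
  puts "safe logger wrote   #{line_count(CRAFTED_TYPE, method(:log_safe))} line(s)"
end
```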


Related Identifiers

BDU:2025-04293
CVE-2025-27111
DLA-4090-1
DSA-5886-1
GHSA-8CGQ-6MH2-7J6V
MGASA-2025-0311
OESA-2025-1299
OPENSUSE-SU-2025:14859-1
OPENSUSE-SU-2025:14875-1
OPENSUSE-SU-2025_0874-1
OPENSUSE-SU-2025_1492-1
OPENSUSE-SU-2026:10286-1
OPENSUSE-SU-2026:10358-1
SUSE-SU-2025:0874-1
SUSE-SU-2025:1492-1
USN-7366-1
USN-7366-2

Affected Products

Debian
Linuxmint
Rack
Red Os
Suse
Ubuntu