Platform
ruby
Component
rack
Fixed in
2.2.21
3.0.1
3.2.1
2.2.20
CVE-2025-61919 describes a Denial of Service (DoS) vulnerability within the Ruby Rack framework. This flaw arises from the Rack::Request#POST method's handling of large application/x-www-form-urlencoded requests, which can lead to memory exhaustion. The vulnerability impacts Rack versions 2.2.9 and earlier, and a fix is available in version 2.2.20.
An attacker can exploit this vulnerability by sending a large POST request with the application/x-www-form-urlencoded Content-Type. The Rack framework, without proper length or memory limits, reads the entire request body into memory. This can quickly exhaust available memory resources, leading to a denial of service. The impact is significant as it can render the application unresponsive, potentially disrupting services and impacting users. The severity stems from the ease of triggering the vulnerability – simply crafting a large POST request is sufficient. This is similar to other memory exhaustion vulnerabilities where attackers can leverage oversized inputs to crash services.
This CVE was published on 2025-10-10. There is currently no indication of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept (PoC) code is not yet available, but the vulnerability's simplicity suggests it could be easily exploited. The EPSS score is likely to be assessed as medium due to the ease of exploitation and potential impact.
Applications and services relying on the Ruby Rack framework, particularly those handling user-supplied data via POST requests, are at risk. This includes web applications, APIs, and microservices built with Ruby on Rails or other Rack-based frameworks. Shared hosting environments where Rack is used are also particularly vulnerable, as an attacker could potentially exploit this vulnerability through a compromised application on the same server.
• ruby / server: `ps aux | grep rack`
• ruby / server: `journalctl -u rack -f | grep "read(nil)"`
• generic web: Use a WAF or proxy to monitor for unusually large POST requests (Content-Length > 1MB) with Content-Type: application/x-www-form-urlencoded.
Exploit status
EPSS
0.22% (percentile 44%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-61919 is to upgrade to Rack version 2.2.20 or later, which includes a fix for this memory exhaustion issue. If upgrading is not immediately feasible, consider implementing a reverse proxy or WAF with request size limits. Configure the proxy or WAF to reject requests exceeding a reasonable size threshold (e.g., 1MB or 2MB) for application/x-www-form-urlencoded requests. Additionally, review application code to ensure it handles large POST requests gracefully and doesn't rely on unbounded memory allocation. After upgrading, confirm the fix by sending a large POST request and verifying that the application does not crash or exhibit signs of memory exhaustion.
Update the Rack gem to version 2.2.20, 3.1.18 or 3.2.3 or later. This fixes the memory-exhaustion denial-of-service vulnerability. As an additional measure, configure strict limits on the maximum request body size in your proxy or web server (for example, Nginx `client_max_body_size`, Apache `LimitRequestBody`).
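As an added example (not code from the Rack project or from this advisory), the following minimal Rack middleware applies the request-size limit described above at the application layer, rejecting oversized application/x-www-form-urlencoded bodies before Rack::Request#POST can buffer them. The class name FormBodyLimit, the 1 MiB default and the constructed test environment are assumptions; the middleware only needs the Rack calling convention, so it runs without the rack gem installed.

```ruby
require 'stringio'
# Added example, not code from the Rack project: a small Rack middleware that
# enforces a byte limit on application/x-www-form-urlencoded bodies before the
# downstream app (and therefore Rack::Request#POST) can buffer them in memory.
class FormBodyLimit
  ONE_MIB = 1024 * 1024 # assumed default, matching the 1MB threshold suggested above
  def initialize(app, limit: ONE_MIB)
    @app = app
    @limit = limit
  end

  def call(env)
    return @app.call(env) unless form_urlencoded?(env)
    # Fast path: a declared Content-Length above the limit is rejected unread.
    declared = env['CONTENT_LENGTH'].to_s
    return too_large if !declared.empty? && declared.to_i > @limit
    # Slow path (chunked or missing Content-Length): read at most limit+1 bytes,
    # so memory use is bounded regardless of what the client actually sends.
    input = env['rack.input']
    if input
      head = input.read(@limit + 1) || ''
      return too_large if head.bytesize > @limit
      # Hand the bounded copy downstream; Rack 3 does not require rewindable input.
      env['rack.input'] = StringIO.new(head)
    end
    @app.call(env)
  end

  # Matches "application/x-www-form-urlencoded" with or without parameters.
  def form_urlencoded?(env)
    env['CONTENT_TYPE'].to_s.match?(%r{\Aapplication/x-www-form-urlencoded(\s*;|\z)}i)
  end

  def too_large
    body = "Payload Too Large\n"
    [413, { 'content-type' => 'text/plain', 'content-length' => body.bytesize.to_s }, [body]]
  end
end

# Constructed request environment for local testing (no server needed).
def form_env(body, content_type: 'application/x-www-form-urlencoded', declare_length: true)
  env = { 'REQUEST_METHOD' => 'POST', 'CONTENT_TYPE' => content_type, 'rack.input' => StringIO.new(body) }
  env['CONTENT_LENGTH'] = body.bytesize.to_s if declare_length
  env
end

# Downstream app that echoes how many body bytes it actually received.
ECHO_APP = ->(env) { [200, { 'content-type' => 'text/plain' }, [env['rack.input'].read.bytesize.to_s]] }
```

In a real deployment the middleware is registered with `use FormBodyLimit, limit: ...` ahead of the application, and a proxy-level limit such as Nginx `client_max_body_size` remains the first line of defence.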
CVE-2025-61919 is a denial-of-service vulnerability in the Ruby Rack framework where large POST requests can exhaust memory, leading to application crashes. It affects versions 2.2.9 and earlier.
You are affected if you are using Rack version 2.2.9 or earlier. Check your Rack version and upgrade if necessary.
Upgrade to Rack version 2.2.20 or later. As a temporary workaround, implement request size limits using a reverse proxy or WAF.
There is currently no confirmed active exploitation, but the vulnerability's simplicity suggests it could be easily exploited.
Refer to the official Ruby Rack project website and security advisories for updates and further information.