Platform: ruby
Component: rack
Fixed in: 2.2.21, 3.0.1, 3.2.1, 2.2.20
A vulnerability has been identified in the Rack library, specifically within the Rack::Sendfile middleware, affecting versions up to 2.2.9. This information disclosure vulnerability arises when Rack is deployed behind a proxy server that utilizes x-sendfile headers. Maliciously crafted headers can trick Rack into sending internal requests, potentially circumventing proxy-level access controls. A fix is available in version 2.2.20.
The core of this vulnerability lies in Rack's handling of x-sendfile-type and x-accel-mapping headers. When these headers, typically used for proxy acceleration, are received from an untrusted source (e.g., a client), Rack incorrectly interprets them as proxy configuration directives. This misinterpretation allows an attacker to manipulate Rack's behavior, causing it to send redirect responses to internal resources that would normally be protected by the proxy. The potential impact includes unauthorized access to sensitive data or internal services that are not directly exposed to the internet. While not a direct remote code execution (RCE) vulnerability, the ability to bypass proxy restrictions can significantly expand an attacker's reach within a network.
This vulnerability was publicly disclosed on 2025-10-10. There is currently no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released. The vulnerability's impact is contingent on the presence of a proxy server using x-sendfile headers, which limits its applicability. Its severity is rated as medium.
Applications and services relying on the Rack library and deployed behind proxy servers (e.g., Nginx, Apache) are at risk. This includes Ruby on Rails applications and other web frameworks that utilize Rack. Shared hosting environments where Rack is used and proxy configurations are not fully controlled by the application developer are particularly vulnerable.
• ruby / server:
grep -r 'x-sendfile-type' /var/log/nginx/access.log
grep -r 'x-accel-mapping' /var/log/apache2/access.log
• generic web:
curl -I <target_url> | grep 'x-sendfile-type'
curl -I <target_url> | grep 'x-accel-mapping'
Disclosure
Exploit status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-61780 is to upgrade to Rack version 2.2.20 or later, which includes the fix for this information disclosure vulnerability. If upgrading is not immediately feasible, consider implementing stricter input validation on the proxy server to sanitize or reject potentially malicious x-sendfile headers. Web application firewalls (WAFs) configured to inspect and filter HTTP headers can also provide a layer of defense. Monitor proxy access logs for unusual redirect patterns or requests to internal resources. After upgrading, confirm the fix by sending a crafted x-sendfile header and verifying that Rack no longer attempts to send an internal redirect.
Upgrade the Rack gem to version 2.2.20 or later. Alternatively, configure your proxy to always set or strip the `x-sendfile-type` and `x-accel-mapping` headers. In Rails applications, you can disable sendfile entirely.
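The proxy-side fix above (always set or strip the two headers) has an application-layer counterpart: a middleware placed before Rack::Sendfile that discards whatever the client sent under those names and substitutes the operator's own values. The code below is an added example, not code from the advisory or the Rack project; `StripSendfileHeaders`, `rack_env_from`, `SPY_APP` and `sendfile_env_seen` are hypothetical names, and the downstream app is a stand-in that only records the env it received, so the example runs without the rack gem installed.

```ruby
# Added example (not from the advisory or the Rack project). An interim
# Rack middleware that drops client-supplied x-sendfile-type and
# x-accel-mapping headers before Rack::Sendfile can read them from env,
# then re-injects the values the operator configured. Names hypothetical.

# CGI-style env keys under which the two request headers arrive.
SENDFILE_HEADER_KEYS = %w[HTTP_X_SENDFILE_TYPE HTTP_X_ACCEL_MAPPING].freeze

class StripSendfileHeaders
  # trusted: Hash of the env keys above to the values the operator wants
  # the downstream Rack::Sendfile to see; keys not listed stay unset.
  def initialize(app, trusted: {})
    @app = app
    @trusted = trusted.select { |k, _| SENDFILE_HEADER_KEYS.include?(k) }
  end

  def call(env)
    # Never let a client pick the sendfile variation or the URL mapping.
    SENDFILE_HEADER_KEYS.each { |k| env.delete(k) }
    @trusted.each { |k, v| env[k] = v unless v.nil? }
    @app.call(env)
  end
end

# Build a minimal Rack env from constructed request headers.
def rack_env_from(headers)
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/files/report.pdf' }
  headers.each { |name, value| env['HTTP_' + name.upcase.tr('-', '_')] = value }
  env
end

# Stand-in for the rest of the stack: records the sendfile-related env it got.
SPY_APP = lambda do |env|
  seen = env.select { |k, _| SENDFILE_HEADER_KEYS.include?(k) }
  [200, { 'content-type' => 'text/plain' }, [seen.inspect]]
end

# Run constructed, untrusted client headers through the middleware and
# return the sendfile-related env the downstream app actually observed.
def sendfile_env_seen(client_headers, trusted)
  env = rack_env_from(client_headers)
  StripSendfileHeaders.new(SPY_APP, trusted: trusted).call(env)
  env.select { |k, _| SENDFILE_HEADER_KEYS.include?(k) }
end

if __FILE__ == $PROGRAM_NAME
  untrusted = { 'x-sendfile-type' => 'X-Accel-Redirect', 'x-accel-mapping' => 'untrusted' }
  p sendfile_env_seen(untrusted, {})
  p sendfile_env_seen(untrusted, { 'HTTP_X_SENDFILE_TYPE' => 'X-Sendfile' })
end
```

In a real stack the middleware must be inserted ahead of Rack::Sendfile (in Rails, before the framework's own sendfile middleware) or it has no effect.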
CVE-2025-61780 is an information disclosure vulnerability in Rack versions 2.2.9 and below. Malicious headers can bypass proxy access controls, potentially exposing internal resources.
You are affected if you are using Rack version 2.2.9 or earlier and your application is deployed behind a proxy server that uses x-sendfile headers.
Upgrade to Rack version 2.2.20 or later to resolve this vulnerability. Consider implementing stricter input validation on your proxy server as an interim measure.
There is currently no evidence of active exploitation campaigns targeting CVE-2025-61780.
Refer to the official Rack project website and security advisories for the latest information and updates regarding CVE-2025-61780.