Platform: ruby
Component: rack
Fixed in: 2.2.13, 3.0.1, 3.1.1, 2.2.12
CVE-2025-27111 describes a log injection vulnerability within the Ruby Rack framework. This flaw allows attackers to manipulate log entries by injecting escape sequences into the X-Sendfile-Type header, potentially obscuring malicious activity and hindering security investigations. The vulnerability affects Rack versions 2.2.9 and earlier, and a fix is available in version 2.2.12.
The primary impact of CVE-2025-27111 is the ability to distort log files. By injecting newline characters or other escape sequences into the X-Sendfile-Type header, an attacker can alter the content of Rack's log entries and use that to hide their own actions, making incidents harder to detect and respond to. The damage goes beyond the altered entries themselves: once a log can no longer be trusted as a faithful record, security auditing and forensic analysis are impeded, and the operator loses visibility into and control over the application's security posture.
CVE-2025-27111 was publicly disclosed on March 4, 2025. There is currently no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) exploits have been released. The vulnerability is not currently listed on the CISA KEV catalog.
Applications running Rack versions 2.2.9 or earlier are at risk, in particular those that use Rack::Sendfile and therefore process the client-supplied X-Sendfile-Type header. This includes web applications built on Ruby on Rails and other frameworks that rely on Rack.
• ruby / server: grep -r 'X-Sendfile-Type' /var/log/ruby/*
• ruby / server: journalctl -u ruby | grep 'X-Sendfile-Type'
• generic web: curl -I <your_rack_application_url> | grep 'X-Sendfile-Type'
disclosure
Exploit Status
EPSS: 0.43% (62nd percentile)
CISA SSVC
The recommended mitigation for CVE-2025-27111 is to upgrade to Rack version 2.2.12 or later, which includes a fix for the vulnerability. If upgrading is not immediately feasible, consider removing the usage of Rack::Sendfile entirely from your application. This will prevent the vulnerable header from being processed. As a temporary workaround, input validation on the X-Sendfile-Type header could be implemented to sanitize potentially malicious characters, but this is not a substitute for upgrading. After upgrading, confirm the fix by sending a request with a crafted X-Sendfile-Type header containing newline characters and verifying that the log entry does not contain the injected characters.
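The temporary workaround above (validating the X-Sendfile-Type header before Rack::Sendfile sees it) and the post-upgrade check (a crafted header must not produce injected characters in the log) can both be expressed in a few lines of Rack middleware. The code below is an added example written for this page; it is not code from the advisory or from the Rack project. The module and class names (`SendfileHardening`, `SendfileTypeGuard`, `escape_for_log`, `check_type`) are this example's own, and the allowlist of three X-Sendfile variations is the example's assumption about what a given deployment accepts. Rack exposes the header to middleware as `env['HTTP_X_SENDFILE_TYPE']`, which is the key used here.

```ruby
# Added example (not from the advisory or the Rack project): a defensive Rack
# middleware that restricts X-Sendfile-Type to an allowlist of known variations
# and a helper that neutralises control characters before a value is logged.
# Names (SendfileHardening, SendfileTypeGuard, escape_for_log, check_type) and
# the allowlist are this example's own assumptions.
require 'stringio'

module SendfileHardening
  # Assumed allowlist: the X-Sendfile variations this deployment accepts. Any
  # other value is either a misconfiguration or attacker-controlled input and
  # must never reach a log line unescaped.
  ALLOWED_TYPES = %w[X-Sendfile X-Accel-Redirect X-Lighttpd-Send-File].freeze

  CONTROL_CHARS = /[\x00-\x1f\x7f]/

  # Replace every control character (CR, LF, ESC, ...) with a visible \xNN
  # escape, so one request cannot forge extra log lines or emit terminal
  # escape sequences through the log.
  def self.escape_for_log(value)
    value.to_s.gsub(CONTROL_CHARS) { |c| format('\\x%02x', c.ord) }
  end

  # Returns [valid?, value_safe_to_log] for a raw X-Sendfile-Type header value.
  # A missing header is valid (Rack::Sendfile then falls back to its own config).
  def self.check_type(raw)
    return [true, nil] if raw.nil?

    valid = ALLOWED_TYPES.include?(raw.strip) && !raw.match?(CONTROL_CHARS)
    [valid, escape_for_log(raw)]
  end

  # Middleware: insert it *before* Rack::Sendfile in the stack. Values that are
  # not on the allowlist, or that carry control characters, are removed from env
  # so downstream code never processes them; the rejection is logged escaped.
  class SendfileTypeGuard
    def initialize(app, logger: nil)
      @app = app
      @logger = logger # any object responding to #puts, e.g. env['rack.errors']
    end

    def call(env)
      raw = env['HTTP_X_SENDFILE_TYPE']
      valid, shown = SendfileHardening.check_type(raw)
      unless valid
        env.delete('HTTP_X_SENDFILE_TYPE')
        @logger&.puts("Rejected X-Sendfile-Type: '#{shown}'")
      end
      @app.call(env)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  log = StringIO.new
  # Downstream app echoes whatever header value it still sees.
  inner = ->(env) { [200, {}, [env.fetch('HTTP_X_SENDFILE_TYPE', 'none')]] }
  app = SendfileHardening::SendfileTypeGuard.new(inner, logger: log)

  # Constructed request: a header value carrying CRLF plus a fake log line,
  # the shape of input the post-upgrade verification step sends.
  crafted = "bogus\r\nINFO forged entry"
  _status, _headers, body = app.call({ 'HTTP_X_SENDFILE_TYPE' => crafted })
  puts "downstream saw: #{body.first}" # none
  puts log.string # exactly one line; CR and LF appear as \x0d\x0a
end
```

The same `escape_for_log` check is what to apply when confirming the upgrade: send the crafted value, then assert that the resulting log entry is a single line and that the raw CR/LF bytes are absent from it.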
Update the Rack gem to version 2.2.12, 3.0.13 or 3.1.11, or later. This can be done by running `gem update rack` on the command line. Make sure your Gemfile reflects the updated version.
CVE-2025-27111 is a log injection vulnerability in Ruby Rack versions 2.2.9 and earlier, allowing attackers to manipulate log entries by injecting escape sequences into the X-Sendfile-Type header.
You are affected if you are using Ruby Rack version 2.2.9 or earlier. Upgrade to 2.2.12 or remove Rack::Sendfile to mitigate.
Upgrade to Ruby Rack version 2.2.12 or later. Alternatively, remove the usage of Rack::Sendfile from your application.
There is currently no indication of active exploitation campaigns targeting CVE-2025-27111.
Refer to the official Ruby Rack project website and security advisories for the latest information on CVE-2025-27111.