Platform
ruby
Component
oxidized-web
Fixed in
0.15.0
CVE-2025-27590 is a critical Remote Code Execution (RCE) vulnerability affecting Oxidized Web versions 0.0 through 0.14.0. An unauthenticated attacker can exploit this flaw to gain complete control over the Linux user account under which Oxidized Web is running, potentially compromising the entire system. The vulnerability resides within the RANCID migration page and has been resolved in version 0.15.0.
The impact of CVE-2025-27590 is severe. Successful exploitation allows an attacker to execute arbitrary commands with the privileges of the Linux account that runs Oxidized Web. This could lead to complete system compromise, including data exfiltration, malware installation, and lateral movement within the network. Given Oxidized Web's role in network device configuration management, an attacker could modify stored device configurations, disrupt network operations, or read sensitive configuration data, including any device credentials kept in the Oxidized configuration that the same account can read. Because no authentication is required, any client that can reach the web interface is a potential attacker.
CVE-2025-27590 was publicly disclosed on 2025-03-03. The vulnerability's ease of exploitation and the potential for significant impact suggest a medium probability of exploitation. No public proof-of-concept code had been released as of this writing, but the flaw's simplicity makes it likely that exploits will emerge. It is not currently listed in the CISA KEV catalog.
Organizations using Oxidized Web for network device configuration management are at risk if they run versions 0.0 through 0.14.0. Environments with limited network segmentation or inadequate access controls are especially exposed, since the interface may then be reachable from outside the management network and exploitation requires no credentials.
• ruby / server:
  grep -r 'rancid_migration' /opt/oxidized/web/
• generic web:
  curl -I http://<oxidized_server>/rancid_migration | grep Server
The install path above is an example and depends on how the gem was deployed; the curl check only shows the server banner and does not reveal the oxidized-web version, so confirm the installed version of the oxidized-web gem before drawing conclusions.
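The checks above confirm that the migration page is reachable, but the deciding question is which oxidized-web version is installed. The following Ruby script is an added example, not code from the oxidized-web project or from this page: it reads the version recorded in a Gemfile.lock, or printed by `gem list`, and reports whether it falls in the range named by the advisory (0.0 through 0.14.0, fixed in 0.15.0). The Gemfile.lock and `gem list` samples embedded in it are constructed for illustration.

```ruby
#!/usr/bin/env ruby
# Added example (not code from the oxidized-web project): report whether the
# oxidized-web version recorded in a Gemfile.lock, or printed by `gem list`,
# falls in the range the advisory names (0.0 through 0.14.0; fixed in 0.15.0).
require 'rubygems'

FIXED_IN = Gem::Version.new('0.15.0')

# Gemfile.lock records each resolved gem as an indented "name (version)" line
# under the GEM/specs block. Dependency lines below it carry constraints such
# as "(~> 6.0)" rather than a bare version, so only exact versions are matched.
GEMFILE_LOCK_RE = /^\s+oxidized-web \((\d[\w.]*)\)$/

# `gem list oxidized-web` prints "oxidized-web (0.15.0, 0.14.0)" when several
# versions are installed; every installed version is checked, because which one
# the running service loads depends on its bundle.
GEM_LIST_RE = /^oxidized-web \(([^)]+)\)/

def versions_from_gemfile_lock(text)
  text.scan(GEMFILE_LOCK_RE).flatten.map { |v| Gem::Version.new(v) }
end

def versions_from_gem_list(text)
  text.each_line.flat_map do |line|
    m = GEM_LIST_RE.match(line)
    m ? m[1].split(',').map { |v| Gem::Version.new(v.strip) } : []
  end
end

# Gem::Version orders a prerelease before the release it precedes, so
# 0.15.0.rc1 compares lower than 0.15.0 and is reported as not yet fixed.
def vulnerable?(version)
  version < FIXED_IN
end

# :not_installed, :vulnerable (at least one version in range) or :fixed.
def assess(versions)
  return :not_installed if versions.empty?
  versions.any? { |v| vulnerable?(v) } ? :vulnerable : :fixed
end

# Constructed sample inputs (not taken from a real system).
SAMPLE_GEMFILE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      oxidized-web (0.14.0)
        puma (~> 6.0)
        sinatra (~> 4.0)
      puma (6.4.2)
LOCK

SAMPLE_GEM_LIST = "oxidized-web (0.15.0, 0.14.0)\n"

if $PROGRAM_NAME == __FILE__
  puts "Gemfile.lock: #{assess(versions_from_gemfile_lock(SAMPLE_GEMFILE_LOCK))}"
  puts "gem list:     #{assess(versions_from_gem_list(SAMPLE_GEM_LIST))}"
end
```

On a real host, feed it `File.read('Gemfile.lock')` from the Oxidized deployment or the output of `gem list oxidized-web`; a result of :vulnerable for the version the service actually loads means the upgrade to 0.15.0 or later is still outstanding.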
Exploit status
EPSS
1.38% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-27590 is to upgrade Oxidized Web to version 0.15.0 or later immediately. If upgrading is not immediately feasible, apply temporary workarounds: restrict network access to the Oxidized Web listener with a firewall so that only management hosts can reach it, or block requests to the RANCID migration page at a reverse proxy in front of the service. Review and minimise the permissions of the account that runs Oxidized Web to limit the damage of a compromise, and monitor web and system logs for requests to the RANCID migration page from unexpected sources.
Upgrade Oxidized Web to version 0.15.0 or later. This version fixes the vulnerability that allows unauthenticated users to take control of the Linux user account that runs Oxidized Web. The upgrade can be performed by downloading the new version from the official repository and following the installation instructions.
CVE-2025-27590 is a critical vulnerability in Oxidized Web versions 0.0 - 0.14.0 that allows unauthenticated users to execute arbitrary code on the system, potentially leading to complete compromise.
Yes, if you are running Oxidized Web versions 0.0 through 0.14.0, you are affected by this vulnerability. Upgrade to 0.15.0 or later immediately.
The recommended fix is to upgrade Oxidized Web to version 0.15.0 or later. If upgrading is not possible, restrict access to the RANCID migration page.
While no active exploitation has been confirmed and the vulnerability is not listed in the CISA KEV catalog, its simplicity makes it likely that exploits will emerge, so treat the upgrade as urgent.
Refer to the Oxidized Web project's official website and GitHub repository for the latest security advisories and updates: https://oxidized.io/