Platform: ruby
Component: rack
Fixed versions: 2.2.19, 3.1.17, 3.2.2 (and later releases in each line)
CVE-2025-61772 is a denial-of-service (DoS) vulnerability in the Rack::Multipart::Parser component of the Rack library. When parsing a multipart/form-data body, the parser reads each part's header block until it reaches the blank line (CRLFCRLF) that terminates it. A request whose header block never contains that terminator makes the parser keep appending body bytes to its header buffer with no upper bound, so memory grows with the size of the request until it is exhausted. Affected are Rack versions before 2.2.19 and the 3.x lines before 3.1.17 and 3.2.2; the fix in those releases caps the size of each part's header block.
The primary impact of CVE-2025-61772 is denial of service. A crafted multipart request causes Rack::Multipart::Parser to buffer header bytes indefinitely, and because the parser applies no size limit to that buffer, a single request can consume memory proportional to its body until the worker is killed or the host runs out. The result is crashed workers, service unavailability and, on shared hosts, pressure on other processes competing for the same memory. The attack needs no authentication and no knowledge of the application beyond an endpoint that reads request parameters: the attacker only has to send HTTP requests with a multipart Content-Type. Successful exploitation can take down web applications built on Rack and cause significant operational downtime.
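To make the failure mode concrete, here is an added Ruby example (not Rack's own code) of a per-part header reader written the vulnerable way and the bounded way. The 8 KiB cap and the 4 KiB chunk size are values chosen for the example, not Rack's constants, and the two request bodies are constructed, not captured traffic. The unbounded reader buffers the entire 1 MiB malformed body while looking for CRLFCRLF; the bounded reader gives up one chunk past its cap.

```ruby
require "stringio"

CRLF             = "\r\n"
HEADER_END       = CRLF * 2   # the blank line that terminates a part's header block
MAX_HEADER_BYTES = 8 * 1024   # cap chosen for this example, not Rack's constant

class MultipartHeaderError < StandardError
  attr_reader :bytes_buffered
  def initialize(message, bytes_buffered)
    super(message)
    @bytes_buffered = bytes_buffered
  end
end
class UnterminatedHeaders < MultipartHeaderError; end
class HeaderTooLarge      < MultipartHeaderError; end

# Turns the raw header block into a name => value hash (names lowercased).
def parse_part_headers(raw)
  raw.split(CRLF).each_with_object({}) do |line, headers|
    name, value = line.split(":", 2)
    next if value.nil?
    headers[name.strip.downcase] = value.strip
  end
end

# Vulnerable pattern: keep appending body chunks until CRLFCRLF appears.
# If the terminator never comes, the buffer grows with the request body.
def read_part_headers_unbounded(io, chunk_size: 4096)
  buf = +""
  until (idx = buf.index(HEADER_END))
    chunk = io.read(chunk_size)
    raise UnterminatedHeaders.new("body ended inside part headers", buf.bytesize) if chunk.nil?
    buf << chunk
  end
  [parse_part_headers(buf[0, idx]), buf[(idx + HEADER_END.bytesize)..]]
end

# Hardened pattern: same loop, but abort once more than `limit` bytes have been
# buffered without seeing the terminator. Memory is now bounded by
# limit + chunk_size no matter how large the request is.
def read_part_headers_bounded(io, chunk_size: 4096, limit: MAX_HEADER_BYTES)
  buf = +""
  until (idx = buf.index(HEADER_END))
    raise HeaderTooLarge.new("part headers exceed #{limit} bytes", buf.bytesize) if buf.bytesize > limit
    chunk = io.read(chunk_size)
    raise UnterminatedHeaders.new("body ended inside part headers", buf.bytesize) if chunk.nil?
    buf << chunk
  end
  [parse_part_headers(buf[0, idx]), buf[(idx + HEADER_END.bytesize)..]]
end

# Runs one reader over a body and reports what happened, so the two can be compared.
def probe(body, bounded:)
  io = StringIO.new(body)
  headers, rest = bounded ? read_part_headers_bounded(io) : read_part_headers_unbounded(io)
  { status: :ok, headers: headers, rest: rest }
rescue MultipartHeaderError => e
  { status: :error, error: e.class, bytes_buffered: e.bytes_buffered }
end

# Constructed sample inputs for this example.
WELL_FORMED = "Content-Disposition: form-data; name=\"file\"; filename=\"a.txt\"#{CRLF}" \
              "Content-Type: text/plain#{HEADER_END}hello"
# A header line that never ends: no CRLF anywhere, so no CRLFCRLF, for a whole mebibyte.
MALFORMED   = "Content-Disposition: form-data; name=\"f\"#{CRLF}X-Pad: " + ("a" * (1 << 20))

if __FILE__ == $0
  [false, true].each do |bounded|
    puts "bounded=#{bounded} well-formed: #{probe(WELL_FORMED, bounded: bounded)}"
    r = probe(MALFORMED, bounded: bounded)
    puts "bounded=#{bounded} malformed:   #{r[:error]} after buffering #{r[:bytes_buffered]} bytes"
  end
end
```

Both readers handle the well-formed part identically; only the malformed body separates them. In a real server the body arrives from the socket rather than a StringIO, which is exactly why the unbounded loop is dangerous: the attacker decides how long it runs.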
CVE-2025-61772 was publicly disclosed on 2025-10-07. At the time of writing there is no indication of active exploitation and the CVE is not in the CISA KEV catalog. Public proof-of-concept (PoC) code is likely to emerge given how simple the malformed request is, which raises the risk of exploitation. The NVD entry is available and provides further details.
Applications built on the Ruby Rack interface are at risk, in particular those that accept file uploads or multipart form data, although any endpoint whose application reads request parameters will invoke the multipart parser when a request arrives with a multipart Content-Type. Multi-tenant hosts where several applications share a machine or container pool are especially exposed, since memory exhausted by one process is taken from the others. Legacy applications pinned to old Rack versions are also at increased risk.
• ruby / server: Monitor the memory of the processes that serve the Rack application with ps or top. The process name is the application server's (typically puma or unicorn), not "rack", so match on that. Look for resident set size (RSS) climbing sharply while a multipart request is in flight, and for workers being killed by the OOM killer or by a worker-memory limit.
ps -eo pid,rss,cmd | grep -E 'puma|unicorn' | grep -v grep | sort -k2 -n
(RSS in the second column is in kilobytes.)
• ruby / server: Examine application and server logs for allocation failures (Ruby NoMemoryError, OOM-killed or restarted workers) and for errors raised while parsing multipart requests.
• generic web: Against a test instance you own, send a multipart request whose part header block lacks the blank-line terminator and watch the server's memory. Note that curl -F always emits well-formed parts, terminator included, so it cannot produce this condition; it only confirms that the endpoint accepts multipart uploads. The malformed body has to be written by hand and sent raw, for example with curl --data-binary @body.bin -H 'Content-Type: multipart/form-data; boundary=...' (body.bin being whatever file holds the hand-built body).
• ruby / server: In a development environment, step through Rack::Multipart::Parser with a Ruby debugger while it processes such a request and watch the header buffer; in vulnerable versions nothing stops it from growing until the body ends.
Disclosure
Exploitation status: no known active exploitation; not in CISA KEV at time of writing
EPSS: 0.19% (41st percentile)
The recommended mitigation for CVE-2025-61772 is to upgrade to a fixed Rack release (2.2.19, 3.1.17 or 3.2.2, or later in each line), which caps the size of each part's header block and ends the unbounded allocation. If upgrading is not immediately feasible, bound the total size of multipart requests before they reach the parser: only the parser can tell how long a header block is, so the control available outside it is a request-size limit at the reverse proxy, web server, or in middleware. Web Application Firewalls (WAFs) can likewise be configured to drop multipart requests above a size threshold. Monitoring memory on the affected systems remains important for spotting an attack in progress: a direct detection signature is difficult, so unusually high memory consumption by the application-server workers is the practical indicator.
Upgrade the rack gem to version 2.2.19, 3.1.17 or 3.2.2 or later. These releases limit the size of each part's headers in multipart bodies. Alternatively, restrict the maximum request size at the reverse proxy or web server (for example, Nginx `client_max_body_size`).
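As an added example of the pre-parser workaround described above (not Rack's or any framework's own middleware): a Rack-style middleware that refuses multipart/form-data requests whose declared Content-Length exceeds a budget and, by default, refuses multipart bodies with no Content-Length at all, since a chunked body cannot be bounded up front. This is the same control Nginx's `client_max_body_size` applies, moved into the application stack for deployments without a proxy in front. The 1 MiB budget and the env hashes are constructed for the example; the class runs on plain hashes and needs neither the rack gem nor a server.

```ruby
# Added example, not Rack's code. A size gate placed ahead of the multipart
# parser. It cannot see how long a part's header block is (only the parser
# learns that), so it bounds the whole request body instead. Size the budget
# for the uploads you actually accept; the default here is for illustration.
class MultipartSizeGate
  DEFAULT_MAX_BYTES = 1 * 1024 * 1024

  # reject_unknown_length: a multipart body sent with chunked transfer encoding
  # carries no Content-Length, so its size cannot be checked in advance.
  # Rejecting it is the conservative choice; pass false to let such uploads through.
  def initialize(app, max_bytes: DEFAULT_MAX_BYTES, reject_unknown_length: true)
    @app = app
    @max_bytes = max_bytes
    @reject_unknown_length = reject_unknown_length
  end

  def call(env)
    return @app.call(env) unless multipart?(env)

    length = declared_length(env)
    if length.nil?
      return too_large("multipart request without Content-Length") if @reject_unknown_length
    elsif length > @max_bytes
      return too_large("multipart body of #{length} bytes exceeds #{@max_bytes}")
    end
    @app.call(env)
  end

  private

  # Content-Type may carry parameters and mixed case, e.g.
  # "Multipart/Form-Data; boundary=----abc", so compare the media type only.
  def multipart?(env)
    ctype = env["CONTENT_TYPE"].to_s
    ctype.split(";", 2).first.to_s.strip.downcase == "multipart/form-data"
  end

  # Rack passes Content-Length as a string; treat anything non-numeric as unknown.
  def declared_length(env)
    raw = env["CONTENT_LENGTH"]
    return nil if raw.nil? || raw !~ /\A\d+\z/
    raw.to_i
  end

  def too_large(reason)
    [413, { "content-type" => "text/plain", "content-length" => reason.bytesize.to_s }, [reason]]
  end
end

# Stand-in for the protected application: it only runs if the gate lets the request through.
def sample_app
  ->(_env) { [200, { "content-type" => "text/plain" }, ["upstream app ran"]] }
end

# Returns the HTTP status the gate produces for a given env (constructed, not captured).
def gate_status(env, **opts)
  MultipartSizeGate.new(sample_app, **opts).call(env).first
end

SAMPLE_ENVS = {
  small_upload:   { "REQUEST_METHOD" => "POST", "CONTENT_TYPE" => "multipart/form-data; boundary=----x", "CONTENT_LENGTH" => "4096" },
  huge_upload:    { "REQUEST_METHOD" => "POST", "CONTENT_TYPE" => "Multipart/Form-Data; boundary=----x", "CONTENT_LENGTH" => (50 * 1024 * 1024).to_s },
  chunked_upload: { "REQUEST_METHOD" => "POST", "CONTENT_TYPE" => "multipart/form-data; boundary=----x", "HTTP_TRANSFER_ENCODING" => "chunked" },
  json_post:      { "REQUEST_METHOD" => "POST", "CONTENT_TYPE" => "application/json", "CONTENT_LENGTH" => (50 * 1024 * 1024).to_s },
}

if __FILE__ == $0
  SAMPLE_ENVS.each { |name, env| puts "#{name}: #{gate_status(env)}" }
end
```

Mount it as the outermost middleware so the 413 is returned before any framework code touches the body. Non-multipart requests pass through untouched, so a large JSON POST is not affected by this budget; size limits for other content types are a separate decision.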
CVE-2025-61772 is a denial-of-service vulnerability in the Rack::Multipart::Parser component of the Rack library: a malformed multipart request whose part headers are never terminated makes the parser buffer the body without limit, exhausting memory.
You are affected if you use Rack 2.2.x before 2.2.19, 3.1.x before 3.1.17, or 3.2.x before 3.2.2. Upgrade to those versions or later to resolve the vulnerability.
Upgrade to a fixed Rack release (2.2.19, 3.1.17 or 3.2.2, or later). As a temporary workaround, cap the size of multipart requests at the proxy, web server or middleware layer before the body reaches the parser.
There is currently no confirmed evidence of active exploitation, but the vulnerability's simplicity suggests a risk of future attacks.
Refer to the official Rack project website and security advisories for the latest information and updates regarding CVE-2025-61772.