CVE-2025-27111 — CRLF Injection in Rack

CWE-93 — CRLF Injection CWE-117 — Improper Output Neutralization for Logs10 documents6 sources

Severity

6.9MEDIUMNVD

OSV5.7

EPSS

0.7%

top 28.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rack Debian Ruby-rack

Timeline

PublishedMar 4

Latest updateJul 23

Description

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

▶debiandebian/ruby-rack< ruby-rack 2.2.13-1~deb12u1 (bookworm)

▶NVDrack/rack3.0.0 — 3.0.13+2

▶RubyGemsrack/rack3.0 — 3.0.13+2

▶CVEListV5rack/rack>= 3.0, < 3.0.13, >= 3.1, < 3.1.11+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

ruby-rack vulnerabilities↗2025-07-23

▶

OSV

ruby-rack vulnerabilities↗2025-03-24

▶

GHSA

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection↗2025-03-04

▶

OSV

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection↗2025-03-04

▶

OSV

CVE-2025-27111: Rack is a modular Ruby web server interface↗2025-03-04

▶

📋Vendor Advisories

Ubuntu

Rack vulnerabilities↗2025-07-23

▶

Ubuntu

Rack vulnerabilities↗2025-03-24

▶

Red Hat

rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection↗2025-03-04

▶

Debian

CVE-2025-27111: ruby-rack - Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs ...↗2025

▶