CVE-2025-27610: Relative Path Traversal in Rack

Severity
NVD: 7.5 HIGH
OSV: 5.7
EPSS
0.7% (top 27.95%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 10
Latest update: Jul 23

Description

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access file
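The description above names two missing checks: the `urls:` prefix is not enforced once percent-encoded traversal sequences are taken into account, and the resolved file is not confirmed to stay under `root:`. The following is an added example, not Rack's own code, of a small guard that applies both checks in the right order (decode once, collapse `..` and `.`, then test the prefix, then test containment). The root directory `/srv/www`, the prefix `/public` and the sample request paths are constructed values; the class name `StaticPathGuard` and its `resolve` method are hypothetical and exist only for this illustration.

```ruby
require "pathname"

# Added example, not Rack's own code. Applies the two checks the advisory
# describes as missing from Rack::Static: percent-encoded traversal sequences
# are decoded and collapsed *before* the `urls:` prefix test, and the final
# filesystem path is confirmed to stay inside `root:`.
class StaticPathGuard
  def initialize(root:, urls:)
    # File.expand_path collapses "." and ".." but does not follow symlinks;
    # in a real deployment also compare against File.realpath(root).
    @root = File.expand_path(root)
    @urls = urls
  end

  # Returns the absolute path to serve, or nil when the request must be refused.
  def resolve(request_path)
    # Decode exactly once, as a server would, so "%2e%2e" becomes "..".
    decoded = request_path.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
    return nil if decoded.include?("\0")        # NUL bytes truncate C paths
    return nil unless decoded.start_with?("/")  # only absolute URL paths

    # Collapse "..", "." and duplicate slashes so the prefix test sees the real target.
    cleaned = Pathname.new(decoded).cleanpath.to_s
    return nil unless allowed_prefix?(cleaned)

    # Re-anchor under root and confirm containment after normalisation.
    candidate = File.expand_path(File.join(@root, cleaned))
    return nil unless candidate == @root || candidate.start_with?(@root + File::SEPARATOR)
    candidate
  end

  private

  # Exact match or segment-aware prefix match ("/public" must not match "/publicity").
  def allowed_prefix?(path)
    @urls.any? do |u|
      prefix = u.end_with?("/") ? u : "#{u}/"
      path == u.chomp("/") || path.start_with?(prefix)
    end
  end
end

# Constructed sample configuration and requests (no files are touched).
if __FILE__ == $PROGRAM_NAME
  guard = StaticPathGuard.new(root: "/srv/www", urls: ["/public"])
  [
    "/public/app.js",
    "/public/sub/../img.png",
    "/public/..%2fconfig.yml",
    "/public/%2e%2e/%2e%2e/etc/passwd",
    "/publicity/x.txt",
    "/private/config.yml",
  ].each { |req| puts format("%-36s -> %s", req, guard.resolve(req).inspect) }
end
```

The ordering is the whole point: a prefix test run on the raw request string accepts `/public/..%2fconfig.yml` because it literally begins with `/public/`, whereas the same test run on the decoded and collapsed path (`/config.yml`) rejects it. The final containment check is a second, independent line of defence in case a future change to the prefix logic regresses.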

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

Debian: debian/ruby-rack, affected < ruby-rack 2.2.13-1~deb12u1 (bookworm)
NVD: rack/rack, 3.0.0 to 3.0.14 (+2 more ranges)
RubyGems: rack/rack, 3.0 to 3.0.14 (+2 more ranges)
CVEListV5: rack/rack, >= 3.0, < 3.0.14; >= 3.1, < 3.1.12 (+1 more range)

Patches

Vulnerability Details (5)

OSV: ruby-rack vulnerabilities (2025-07-23)
OSV: ruby-rack vulnerabilities (2025-03-24)
OSV: CVE-2025-27610: Rack provides an interface for developing web applications in Ruby (2025-03-10)
OSV: Local File Inclusion in Rack::Static (2025-03-10)
GHSA: Local File Inclusion in Rack::Static (2025-03-10)

Vendor Advisories (4)

Ubuntu: Rack vulnerabilities (2025-07-23)
Ubuntu: Rack vulnerabilities (2025-03-24)
Red Hat: rack: rubygem-rack: Local File Inclusion in Rack::Static (2025-03-10)
Debian: CVE-2025-27610: ruby-rack - Rack provides an interface for developing web applications in Ruby. Prior to ver... (2025)