Log Manipulation Vulnerability in Rack Web Framework
CVE-2025-25184

5.7 MEDIUM

Key Information:

Vendor: Rack
Status: Vendor
CVE Published: 12 February 2025

Badges

📰 News Worthy

What is CVE-2025-25184?

The Rack web framework allows log entries to be manipulated through its Rack::CommonLogger component. An attacker can craft input containing newline characters (CRLF) that ends up in a log entry, which allows unauthorized modification of the log. The issue arises when users authenticate via Rack::Auth::Basic: the supplied credentials may contain CRLF characters that break the log format or insert misleading entries into the logs. This can obscure genuine activity or introduce potentially harmful data into the logs. Versions 2.2.11, 3.0.12, and 3.1.11 address this issue.
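The following is an added example, not code from Rack or from the advisory. It shows a minimal Common Log Format writer in the shape of what Rack::CommonLogger emits, with an unsanitized path that reproduces the problem and a hardened path that escapes CR/LF before a user-controlled field (the remote user, the request path) reaches the log. The escaping scheme, the field names and the sample request values are assumptions chosen for illustration, not the upstream patch; a small heuristic check for already-written logs is included as well.

```ruby
# Added example (not Rack's own code): a minimal Common Log Format writer that
# shows the CRLF log-injection problem and a hardened variant that escapes
# control characters before a user-controlled field reaches the log.

# Format one Common Log Format line. `fields` is a constructed hash mirroring
# what Rack::CommonLogger pulls from the request: remote address, remote user
# (e.g. set by Rack::Auth::Basic), request line, status, body size, timestamp.
def common_log_line(fields, sanitize: true)
  user = fields[:remote_user] || "-"
  path = fields[:path]
  if sanitize
    user = sanitize_log_field(user)
    path = sanitize_log_field(path)
  end
  format(
    "%s - %s [%s] \"%s %s HTTP/1.1\" %d %s\n",
    fields[:remote_addr], user, fields[:time].strftime("%d/%b/%Y:%H:%M:%S %z"),
    fields[:method], path, fields[:status], fields[:length] || "-"
  )
end

# Replace line terminators and all other C0 control characters with a visible
# \xNN escape, so an attacker-supplied value can never start a new log record.
# (Escape format is an assumption for this example.) Returns a new string.
def sanitize_log_field(value)
  value.to_s.gsub(/[\x00-\x1f\x7f]/) { |c| format("\\x%02x", c.ord) }
end

# Heuristic detection for logs that were written without sanitizing: a
# well-formed CLF record has exactly one "[timestamp]" and one quoted request.
# Returns the indexes (0-based) of lines that do not parse as a CLF record.
# A forged record that is itself well-formed will not be flagged, so this is
# a triage aid, not a substitute for escaping at write time.
CLF_PATTERN = /\A\S+ - \S+ \[[^\]]+\] "[^"]*" \d{3} (\d+|-)\z/

def suspicious_log_lines(log_text)
  log_text.split("\n").each_with_index.filter_map do |line, i|
    i unless CLF_PATTERN.match?(line.chomp("\r"))
  end
end

# Constructed sample requests: one benign login, one whose username carries
# a CRLF sequence followed by text intended to look like a second record.
EXAMPLE_TIME = Time.utc(2025, 2, 12, 10, 0, 0)
BENIGN = {
  remote_addr: "203.0.113.5", remote_user: "alice", method: "GET",
  path: "/login", status: 200, length: 42, time: EXAMPLE_TIME
}.freeze
INJECTED = BENIGN.merge(remote_user: "alice\r\nforged-entry").freeze

# A constructed log: benign line, unsanitized injected line, sanitized line.
SAMPLE_LOG = common_log_line(BENIGN) +
             common_log_line(INJECTED, sanitize: false) +
             common_log_line(INJECTED)

if __FILE__ == $PROGRAM_NAME
  puts "Unsanitized record spans #{common_log_line(INJECTED, sanitize: false).count("\n")} lines"
  puts "Sanitized record spans   #{common_log_line(INJECTED).count("\n")} line"
  puts "Suspicious line indexes: #{suspicious_log_lines(SAMPLE_LOG).inspect}"
end
```

The unsanitized call writes the injected username verbatim, so the single request produces two physical lines, and the trailing fragment is what a log reader would take for a separate record; the sanitized call keeps the whole request on one line with the CR and LF rendered as `\x0d\x0a`. Escaping at the point where the field is written is the fix; the regex check only helps find lines already broken by earlier unescaped writes.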

Affected Version(s)

rack < 2.2.11

rack >= 3.0, < 3.0.12

rack >= 3.1, < 3.1.10

News Articles

Rack Ruby Framework vulnerabilities Let Attackers inject and manipulate log content

Researchers Thai Do and Minh Pham have exposed multiple critical vulnerabilities in the Rack Ruby framework, a cornerstone of Ruby-based web applications.

2 weeks ago

References

CVSS v4

Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
