Shell Command Construction Vulnerability in Thor by Rails
CVE-2025-54314

2.8LOW

Key Information:

Vendor: Rubyonrails
Status: Thor
Vendor: CVE Published:; 20 July 2025

🔔 Create Rubyonrails Vulnerability Alert

What is CVE-2025-54314?

The Thor library, used for creating command-line interfaces, contains a vulnerability that allows an attacker to construct unsafe shell commands by leveraging library input. This issue arises in versions prior to 1.4.0, posing a risk when untrusted data is processed. Users are strongly advised to upgrade to the latest version to mitigate this security risk and ensure safer command execution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Thor 0 < 1.4.0

References

https://github.com/rails/thor/commit/536b79036a0efb765c18...

https://hackerone.com/reports/3260153

https://github.com/rails/thor/pull/897

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 20, 2025
Vulnerability Reserved
Jul 20, 2025

JSON

Rubyonrails

What is CVE-2025-54314?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.