Information Disclosure in Rack's Sendfile Feature on Ruby Web Server Interfaces
CVE-2025-61780

5.8 MEDIUM

Key Information:

Vendor: Rack

Status: Vendor

CVE Published: 10 October 2025

What is CVE-2025-61780?

An information disclosure vulnerability exists in Rack's Sendfile feature, affecting applications that run this middleware behind a proxy such as Nginx. When the proxy is misconfigured, specially crafted headers can trick Rack::Sendfile into issuing unintended internal requests, bypassing access restrictions that are enforced only at the proxy level. The problem arises when the proxy forwards untrusted 'x-sendfile-type' or 'x-accel-mapping' headers from the client instead of setting them itself, which can expose sensitive application routes and admin pages. Users are advised to upgrade Rack to version 2.2.20, 3.1.18, or 3.2.3 and to ensure that the proxy sets or strips these headers rather than passing client-supplied values through.

Affected Version(s)

rack < 2.2.20

rack >= 3.0, < 3.1.18

rack >= 3.2, < 3.2.3

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved