CVE-2025-25184
Log Manipulation vulnerability in rack (RubyGems)

Log Manipulation No known exploit

What is CVE-2025-25184 About?

This vulnerability allows for log manipulation in 'Rack::CommonLogger' through the injection of newline characters into log entries. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data. Exploitation is relatively easy, requiring only carefully crafted input.

Affected Software

  • rack
    • <2.2.11
    • >=3.0, <3.0.12
    • >=3.1, <3.1.10

Technical Details

The vulnerability arises when Rack::CommonLogger processes usernames provided via Rack::Auth::Basic. If an attacker crafts a username containing newline (CRLF) characters, these characters, along with any subsequent malicious content, are directly logged into the log file. This allows an attacker to inject arbitrary content into new log lines or modify the format of existing log entries, leveraging the logging mechanism as a vector for data injection.
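To make the defect concrete, here is an added Ruby example (not Rack's own code) modelled on the Common-Log-style line that Rack::CommonLogger writes. It shows the username being interpolated verbatim so that a CRLF splits one entry into two, a sanitizer that removes control characters before the value reaches a logger, and a strict line validator that flags the fragments during log review. The format string, timestamp and sample values are constructed for the example.

```ruby
# Added example, not Rack's own code. The format string is modelled on the
# Common-Log-style line that Rack::CommonLogger writes: remote address,
# username, time, request line, status, body length and elapsed seconds.
COMMON_LOG_FORMAT = %{%s - %s [%s] "%s %s%s %s" %d %s %0.4f\n}

# Builds one access-log entry with the username interpolated verbatim, which is
# the behaviour this page describes. The timestamp is fixed so output is stable.
def format_log_line(remote_addr, username, method, path, status, length, elapsed)
  stamp = Time.utc(2025, 1, 1).strftime("%d/%b/%Y:%H:%M:%S %z")
  COMMON_LOG_FORMAT % [remote_addr, username || "-", stamp, method, path, "",
                       "HTTP/1.1", status, length, elapsed]
end

# Mitigation: replace CR, LF and every other control character in the username
# before it reaches any logger (e.g. in middleware placed ahead of CommonLogger).
def sanitize_username(username)
  return nil if username.nil?
  username.gsub(/[\x00-\x1f\x7f]/, "?")
end

# Detection aid for log review: a well-formed entry matches the whole format
# exactly. Assumes usernames contain no whitespace; lines that do not match
# (including fragments produced by an injected newline) are returned.
LOG_LINE_RE = /\A\S+ - \S+ \[[^\]]+\] "[A-Z]+ \S* HTTP\/\d\.\d" \d{3} \S+ \d+\.\d{4}\z/

def suspicious_lines(log_text)
  log_text.lines.map(&:chomp).reject { |line| line.match?(LOG_LINE_RE) }
end

if __FILE__ == $0
  # Constructed sample: a username carrying CRLF followed by a forged entry.
  forged = "alice\r\n10.0.0.9 - - [01/Jan/2025:00:00:00 +0000] \"GET /admin HTTP/1.1\" 200 - 0.0010"
  raw = format_log_line("10.0.0.1", forged, "GET", "/", 200, 12, 0.002)
  puts "unsanitized entry spans #{raw.lines.size} lines; flagged: #{suspicious_lines(raw).size}"
  clean = format_log_line("10.0.0.1", sanitize_username(forged), "GET", "/", 200, 12, 0.002)
  puts "sanitized entry spans #{clean.lines.size} line"
end
```

The validator only proves that a line is well-formed, so it complements rather than replaces input sanitization: a forged fragment can be made to look valid, but the real entry it was injected into cannot.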

What is the Impact of CVE-2025-25184?

Successful exploitation may allow attackers to obscure legitimate system activities, inject misleading information into log files, or disrupt log analysis and monitoring processes. This can hinder incident response, forensic investigations, and overall system security.

What is the Exploitability of CVE-2025-25184?

Exploitation of this vulnerability is of low complexity. No authentication is needed for the crafted input to be logged, provided a login or user-creation attempt is possible; only ordinary user-level access is required to supply the malicious username. This is a remote vulnerability, as the attacker simply needs to submit a crafted username. The primary constraint is the system's acceptance of CRLF characters within usernames, which is a common oversight. The likelihood of exploitation increases if applications do not properly sanitize user-supplied input before it is passed to logging functions.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2025-25184?

Available Upgrade Options

  • rack
    • <2.2.11 → Upgrade to 2.2.11
    • >=3.0, <3.0.12 → Upgrade to 3.0.12
    • >=3.1, <3.1.10 → Upgrade to 3.1.10


Additional Resources

What are Similar Vulnerabilities to CVE-2025-25184?

Similar Vulnerabilities: CVE-2022-30123, CVE-2023-49280, CVE-2021-38379