CVE-2025-25186

medium

Published 2025-02-10 · Modified 2025-07-03

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2

—

VIR risk

5.5

Description

Moderate: ruby:3.3 security update

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-10217.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2349700

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2349699

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2344680

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:10217

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-25186

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:4493

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-25186.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:10217

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:4493

OS	Version	Status	Fixed in
rhel	9	fixed
rocky	8	fixed
sles		affected
rocky	9	fixed
debian	bookworm	affected
debian	forky	fixed	`3.3.8-1`
debian	sid	fixed	`3.3.8-1`
debian	trixie	fixed	`3.3.8-1`

Ecosystem	Package	Vulnerable	Fixed
RubyGems	net-imap	`!< 0.3.2\|\|<~> 0.3.8`	`~> 0.3.8`
RubyGems	net-imap	`>=0.3.2,<0.3.8`	`0.3.8`
RubyGems	net-imap	`>=0.4.0,<0.4.19`	`0.4.19`
RubyGems	net-imap	`>=0.5.0,<0.5.6`	`0.5.6`

Verify integrity in audit chain (admin only). AS-IS.