CVE-2025-27111
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-27111
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-27111.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| debian | bookworm | fixed | 2.2.13-1~deb12u1 |
| debian | bullseye | fixed | 2.1.4-3+deb11u3 |
| debian | forky | fixed | 3.1.12-1 |
| debian | sid | fixed | 3.1.12-1 |
| debian | trixie | fixed | 3.1.12-1 |
References
- https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
- https://www.suse.com/security/cve/CVE-2025-27111.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-27111
- https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
- https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
- https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
- https://github.com/rack/rack
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml
- https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
- https://security-tracker.debian.org/tracker/CVE-2025-27111