3.2 CVE-2025-27221
Enriched by CISA
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
https://nvd.nist.gov/vuln/detail/CVE-2025-27221
Categories
CWE-212 : Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

Tools are available to analyze documents (such as PDF, Word, etc.) to look for private information such as names, addresses, etc.

Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties.

Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.

Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state.

Product does not remove EXIF data from images, which can include GPS coordinates.
Customer relationship management (CRM) product does not strip Exif data from images.
Cryptography library does not clear heap memory before release.
Some image editors modify a JPEG image, but the original EXIF thumbnail image is left intact within the JPEG. (Also an interaction error.)
NAT feature in firewall leaks internal IP addresses in ICMP error messages.
References
af854a3a-2127-422b-91ae-364da2661108
| https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html |
| https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html |
cve@mitre.org
| https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-272... | Third Party Advisory |
| https://hackerone.com/reports/2957667 | Permissions Required |
AFFECTED (from MITRE)
| Vendor | Product | Versions |
|---|---|---|
| ruby-lang | URI | |

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:* | < 0.11.3 | |
| cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:* | >= 0.12.0 | < 0.12.4 |
| cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:* | >= 0.13.0 | < 0.13.2 |
| cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:* | >= 1.0.0 | < 1.0.3 |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| 168 | Windows ::DATA Alternate Data Stream | Medium |
