{"vulnerability": "CVE-2025-2761", "sightings": [{"uuid": "406b477f-0741-4ecd-bb87-ff2f302e5cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114139864929960883", "content": "", "creation_timestamp": "2025-03-10T19:48:43.344439Z"}, {"uuid": "c99a675b-fc62-4eb6-b4ef-28be6c23a05a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27616", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114139864972627449", "content": "", "creation_timestamp": "2025-03-10T19:48:45.688470Z"}, {"uuid": "a6b4116d-f3a2-42f6-8a6f-3f15a54acdc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2761", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-204/", "content": "", "creation_timestamp": "2025-04-07T03:00:00.000000Z"}, {"uuid": "653ede46-d68b-4f83-b55e-d92a7af1bdfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2761", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lpeqkmfsts2j", "content": "", "creation_timestamp": "2025-05-17T14:22:35.586529Z"}, {"uuid": "38b8a361-4d8f-44e4-ad58-41e728ed78e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3lnmxnhnnb22y", "content": "", "creation_timestamp": "2025-04-25T10:00:22.536208Z"}, {"uuid": "d60716cb-da45-4f14-96c8-7b5b98213023", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-27610", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lnmzecojf5j2", "content": "", "creation_timestamp": "2025-04-25T10:51:30.436829Z"}, {"uuid": "cc3bfb86-0105-4ac8-8ac3-07092a2a80c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lnn6cahlep2m", "content": "", "creation_timestamp": "2025-04-25T11:59:19.320983Z"}, {"uuid": "c7490a3b-dd44-421d-a6fc-d24e6738b71b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://thehackernews.com/2025/04/researchers-identify-rackstatic.html", "content": "", "creation_timestamp": "2025-04-25T06:57:00.000000Z"}, {"uuid": "008f01fa-139b-4f85-9a02-b1995693d6d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lnnq2hje5s2y", "content": "", "creation_timestamp": "2025-04-25T17:17:07.204000Z"}, {"uuid": "bbd5ad95-1fad-4bfb-89ce-c01f01fa2f6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-27610", "type": "seen", "source": "https://bsky.app/profile/Sempf.infosec.exchange.ap.brid.gy/post/3lnou335z54t2", "content": "", "creation_timestamp": "2025-04-26T04:39:28.082012Z"}, {"uuid": "d013411a-b4eb-4258-aba2-cb477b65c3ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2025-27610", "type": "seen", "source": "https://bsky.app/profile/brideoflinux.bsky.social/post/3loodjeoa7z25", "content": "", "creation_timestamp": "2025-05-08T16:30:38.586360Z"}, {"uuid": "71c61b6e-9ed5-4d54-b8b2-b8a50ef95fb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27611", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo2rxilxrt24", "content": "", "creation_timestamp": "2025-04-30T21:55:53.473381Z"}, {"uuid": "15f775a8-1138-4553-82d7-8ddc220ea966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3lnplzsfbws2x", "content": "", "creation_timestamp": "2025-04-26T11:10:28.200774Z"}, {"uuid": "4115149c-a281-4f76-8b49-aa0909e8187b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3lny6yvvbwn2x", "content": "", "creation_timestamp": "2025-04-29T21:11:18.626338Z"}, {"uuid": "45bf03cb-0047-4d85-ba07-38c97167bc7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://bsky.app/profile/derdreschi84.bsky.social/post/3lopzd6o5tk25", "content": "", "creation_timestamp": "2025-05-09T08:33:26.843376Z"}, {"uuid": "e00add68-7bde-46e7-bca0-552a34b4ba5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2761", "type": "seen", "source": "https://bsky.app/profile/teemutiainen.bsky.social/post/3lqmebk3j3g2x", "content": "", "creation_timestamp": 
"2025-06-02T08:29:14.068833Z"}, {"uuid": "f51282f3-b18f-4f18-a98c-15f02b42353e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27613", "type": "seen", "source": "https://github.blog/open-source/git/git-security-vulnerabilities-announced-6/", "content": "", "creation_timestamp": "2025-07-08T15:02:11.000000Z"}, {"uuid": "9bbe4516-eda3-4ce2-96ab-709fd3fcec17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27614", "type": "seen", "source": "https://github.blog/open-source/git/git-security-vulnerabilities-announced-6/", "content": "", "creation_timestamp": "2025-07-08T15:02:11.000000Z"}, {"uuid": "4487c80b-5f25-448f-b880-19d5e99a8c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://t.me/cvedetector/20000", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27610 - Rack Static Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27610 \nPublished : March 10, 2025, 11:15 p.m. | 22\u00a0minutes ago \nDescription : Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. 
By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine the path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of `Rack::Static`, or ensuring that `root:` points at a directory path which only contains files which should be accessed publicly. It is likely that a CDN or similar static file server would also mitigate the issue. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T00:54:04.000000Z"}, {"uuid": "f10dcc84-caea-4488-a104-9e3abe300e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27614", "type": "seen", "source": "https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review", "content": "", "creation_timestamp": "2025-07-08T15:56:31.000000Z"}, {"uuid": "239e44b6-c0f7-4124-a3ff-468b296695b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27613", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvgfa7vai22p", "content": "", "creation_timestamp": "2025-08-02T14:36:26.346653Z"}, {"uuid": "c71b0457-da2a-46f8-af2f-2463b5a96d9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27614", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvghzg2ofk2p", "content": "", "creation_timestamp": "2025-08-02T15:26:18.795524Z"}, {"uuid": "87543307-1ecc-48c3-8935-375d076dba1b", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-16T01:45:14.000000Z"}, {"uuid": "85a52030-77f0-40b9-a552-5101f6e70531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-19T04:06:32.000000Z"}, {"uuid": "fa47afcd-b812-4051-b88d-b9335dc4a4d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27613", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q3/13", "content": "", "creation_timestamp": "2025-07-08T15:11:31.000000Z"}, {"uuid": "f160ca16-6109-42fb-91d6-e07ec89cab9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27614", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q3/13", "content": "", "creation_timestamp": "2025-07-08T15:11:31.000000Z"}, {"uuid": "98c0ba00-8cd7-41ff-9dd7-d5346664c857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27613", "type": "seen", "source": "https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review", "content": "", "creation_timestamp": "2025-07-08T15:56:31.000000Z"}, {"uuid": "fbabc193-2c03-44de-90d1-3bd17b64176b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27612", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", 
"creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "f6b0e140-e4a4-43b9-8449-ed0ed7306d5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7041", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27615\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)\n\ud83d\udd39 Description: umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding.\n\ud83d\udccf Published: 2025-03-10T18:47:59.819Z\n\ud83d\udccf Modified: 2025-03-10T19:05:29.676Z\n\ud83d\udd17 References:\n1. https://github.com/umati/umatiGateway/security/advisories/GHSA-qf9w-x9qx-2mq7\n2. https://github.com/umati/umatiGateway/pull/101\n3. https://github.com/umati/umatiGateway/commit/5d81a3412bc0051754a3095d89a06d6d743f2b16\n4. 
https://github.com/umati/umatiGateway/blob/abe73096a17307327f0d6dc0ed4db1fb93464521/README.md?plain=1#L34-L35", "creation_timestamp": "2025-03-10T19:38:33.000000Z"}, {"uuid": "307165d7-6eb5-4b84-8358-b1436571949f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27615", "type": "seen", "source": "https://t.me/cvedetector/19993", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27615 - umatiGateway Exposed Configuration Interface Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27615 \nPublished : March 10, 2025, 7:15 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding. 
\nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:49.000000Z"}, {"uuid": "4c4dc1a7-a369-47de-bb51-9b322f24e518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27616", "type": "seen", "source": "https://t.me/cvedetector/19990", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27616 - Vela Pipeline Automation Webhook Spoofing Repository Takeover Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27616 \nPublished : March 10, 2025, 7:15 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available. 
\nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:46.000000Z"}, {"uuid": "519c13cf-f0b2-48c6-b12d-b7a2c31477fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27616", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7043", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27616\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available.\n\ud83d\udccf Published: 2025-03-10T18:56:14.537Z\n\ud83d\udccf Modified: 2025-03-10T18:56:14.537Z\n\ud83d\udd17 References:\n1. https://github.com/go-vela/server/security/advisories/GHSA-9m63-33q3-xq5x\n2. https://github.com/go-vela/server/commit/257886e5a3eea518548387885894e239668584f5\n3. https://github.com/go-vela/server/commit/67c1892e2464dc54b8d2588815dfb7819222500b\n4. https://github.com/go-vela/server/releases/tag/v0.25.3\n5. 
https://github.com/go-vela/server/releases/tag/v0.26.3", "creation_timestamp": "2025-03-10T19:38:38.000000Z"}, {"uuid": "14273e68-38f6-4e3a-b534-04f3933facdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2761", "type": "seen", "source": "https://t.me/cvedetector/23610", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2761 - GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2761 \nPublished : April 23, 2025, 5:16 p.m. | 59\u00a0minutes ago \nDescription : GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  \n  \nThe specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100. 
\nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T21:10:30.000000Z"}, {"uuid": "189e0a3b-dcdf-4603-8d77-9f97fe98c3a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7074", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27610\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine the path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of `Rack::Static`, or ensuring that `root:` points at a directory path which only contains files which should be accessed publicly. 
It is likely that a CDN or similar static file server would also mitigate the issue.\n\ud83d\udccf Published: 2025-03-10T22:19:25.982Z\n\ud83d\udccf Modified: 2025-03-10T22:19:25.982Z\n\ud83d\udd17 References:\n1. https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v\n2. https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583", "creation_timestamp": "2025-03-10T22:40:19.000000Z"}, {"uuid": "4584ca8e-c43e-4bed-93ba-9132ec764bda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "exploited", "source": "https://t.me/thehackernews/6724", "content": "\ud83d\udc40 Hackers could be one path away from your sensitive files!\n\n\ud83d\udea8 New CVEs expose major flaws in Rack & Infodraw systems:\n\n\ud83d\udd39 CVE-2025-27610 lets attackers read config files & credentials via path traversal.\n\n\ud83d\udd39 Infodraw CVE-2025-43928 allows any file to be read or deleted\u2014no login needed.\n\nLearn more: https://thehackernews.com/2025/04/researchers-identify-rackstatic.html\n\n\ud83d\udd25 Exploits are trivial & patches missing. Systems in Belgium & Luxembourg already hit. Update now or go offline!", "creation_timestamp": "2025-04-25T11:00:58.000000Z"}, {"uuid": "e56911cc-0209-4776-9168-98b9b46e9163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27611", "type": "seen", "source": "https://t.me/cvedetector/24158", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27611 - Base-x Unvalidated User Input Address Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27611 \nPublished : April 30, 2025, 8:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. 
Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T00:36:57.000000Z"}, {"uuid": "5bfc0208-e90d-46a6-8cd2-1c66055cb5af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://t.me/ton618cyber/8995", "content": "Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers\n\nCVE-2025-27610 allows unauthenticated access to sensitive files in Rack Ruby apps due to root misconfig.\n\nThe Hacker News | thehackernews\u200b.com \u2022 Apr 25, 2025", "creation_timestamp": "2025-04-26T03:07:10.000000Z"}, {"uuid": "66a0bfb0-80fd-43a8-855b-ea2d7536b067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "Telegram/HMAWwcay_4hklj3BM91LAZxDwOui412reXuT0Q0CnkrnI9Zt", "content": "", "creation_timestamp": "2025-03-11T04:41:13.000000Z"}, {"uuid": "9179e703-6154-41db-9c02-00168fb2cb78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "Telegram/AWN4m35sY1ND-5kp9t1H-zdsNvbMEg1ZD7I9szmKxUwpOQ", "content": "", "creation_timestamp": "2025-04-25T12:07:48.000000Z"}, {"uuid": "abff021c-6d37-4f26-ac79-c95939747648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2025-27612", "type": "seen", "source": "https://t.me/cvedetector/20821", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27612 - Libcontainer Capability Elevation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27612 \nPublished : March 21, 2025, 3:15 p.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T18:29:09.000000Z"}, {"uuid": "9b477500-92b7-4871-8a31-47c0bb70b85c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27610", "type": "seen", "source": "https://t.me/ton618cyber/3637", "content": "Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers\n\nCVE-2025-27610 allows unauthenticated access to sensitive files in Rack Ruby apps due to root misconfig.\n\nThe Hacker News | thehackernews\u200b.com \u2022 Apr 25, 2025", "creation_timestamp": "2025-04-26T03:07:08.000000Z"}]}