April 25, 2025 By Zeljka Zorz
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others).
Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate log content and entries, while the third one – CVE-2025-27610 – is a path traversal vulnerability that may allow attackers to gain unauthorized access to sensitive information.
