WRITEUP

Exploit for CVE-2025-61594 - URI <1.0.4 - Auth Bypass
AI Analysis

This patch addresses CVE-2025-27221 in Ruby's URI library, fixing a vulnerability where user info (credentials) could persist when authority components (host/port) were updated. The patch ensures user info is cleared when host or port is set, preventing credential leakage.

Attack Type: info_leak
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1005 - Data from Local System; T1552 - Unsecured Credentials
Vulnerability: CVE-2025-61594 (URI <1.0.4 - Auth Bypass)
HIGH, CVSS 7.5