Description
URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in the Ruby 3.2 series), 0.13.2 and earlier (bundled in the Ruby 3.3 series), and 1.0.3 and earlier (bundled in the Ruby 3.4 series), combining URIs with the + operator can leak sensitive information such as passwords from the original URI into the result, violating RFC 3986 and exposing applications to credential disclosure. This is a bypass of the fix for CVE-2025-27221 and can expose user credentials. The issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
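A defensive check for the merge behavior described above, added here as an example (it is not code from the advisory or from the uri gem): safe_merge and credential_leak? are hypothetical helper names. It wraps URI#+ and strips user and password from the result whenever the merged authority differs from the base, which is the condition under which RFC 3986 section 5.2.2 says base credentials must not be carried over.

```ruby
require "uri"

# Wrapper around URI#+ that refuses to let credentials from the base URI
# travel to a different authority. Per RFC 3986 section 5.2.2 userinfo is
# part of the authority: it survives a same-authority merge but must not be
# copied onto a reference that names another host or port.
def safe_merge(base, reference)
  base   = URI(base)
  merged = base + reference

  same_authority = merged.host == base.host && merged.port == base.port
  leaked = !same_authority &&
           ((base.user && merged.user == base.user) ||
            (base.password && merged.password == base.password))

  if leaked
    # Clear user and password separately: URI::Generic#userinfo= only
    # replaces the user component and leaves the password in place.
    merged.user = nil
    merged.password = nil
  end
  merged
end

# Audit helper for tests or code review: true when a merge result still
# carries the base URI's userinfo although the host changed.
def credential_leak?(base, merged)
  base   = URI(base)
  merged = URI(merged)
  merged.host != base.host && !base.userinfo.nil? && merged.userinfo == base.userinfo
end

if __FILE__ == $0
  # Constructed sample input; example.com / other.example are placeholders.
  base = "http://user:pass@example.com/app/"
  puts safe_merge(base, "page")                    # same host: userinfo kept
  puts safe_merge(base, "//other.example/page")    # other host: no userinfo
  puts safe_merge(base, "http://other.example/page")
end
```

Run the script against a vulnerable and a fixed uri version; safe_merge gives the same output on both, which is the property a regression test should pin down.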
Scores
CVSS v3: 7.5
EPSS: 0.0001
EPSS Percentile: 1.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-200, CWE-212
Status: published
Products (5)
ruby/uri: < 0.12.5
ruby/uri: >= 0.13.0, < 0.13.3
ruby/uri: >= 1.0.0, < 1.0.4
ruby-lang/uri: < 0.12.5
rubygems/uri: 0 - 0.12.5 (RubyGems)
Published: Dec 30, 2025
Tracked Since: Feb 18, 2026