UBUNTU-CVE-2025-61594
- Source
- https://ubuntu.com/security/CVE-2025-61594
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61594.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-61594
- Upstream
- Published
- 2025-12-30T21:15:00Z
- Modified
- 2026-01-20T18:35:11.584626Z
- Severity
-
- 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the
+operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue. - References
-
- https://ubuntu.com/security/CVE-2025-61594
- https://www.cve.org/CVERecord?id=CVE-2025-61594
- https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/
- https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902
- https://github.com/ruby/uri/commit/7e521b2da0833d964aab43019e735aea674e1c2c
- https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml
Affected packages
Ubuntu:22.04:LTS
ruby3.0
Package
- Name
- ruby3.0
- Purl
- pkg:deb/ubuntu/ruby3.0@3.0.2-7ubuntu2.11?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.2-5ubuntu1
3.0.2-7
3.0.2-7ubuntu2
3.0.2-7ubuntu2.1
3.0.2-7ubuntu2.2
3.0.2-7ubuntu2.3
3.0.2-7ubuntu2.4
3.0.2-7ubuntu2.5
3.0.2-7ubuntu2.6
3.0.2-7ubuntu2.7
3.0.2-7ubuntu2.8
3.0.2-7ubuntu2.10
3.0.2-7ubuntu2.11
Ecosystem specific
{
"priority_reason": "This is a low severity issue",
"binaries": [
{
"binary_version": "3.0.2-7ubuntu2.11",
"binary_name": "libruby3.0"
},
{
"binary_version": "3.0.2-7ubuntu2.11",
"binary_name": "ruby3.0"
},
{
"binary_version": "3.0.2-7ubuntu2.11",
"binary_name": "ruby3.0-dev"
}
]
}Ubuntu:24.04:LTS
ruby3.2
Package
- Name
- ruby3.2
- Purl
- pkg:deb/ubuntu/ruby3.2@3.2.3-1ubuntu0.24.04.6?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.2.3-1
3.2.3-1build2
3.2.3-1build3
3.2.3-1ubuntu0.24.04.1
3.2.3-1ubuntu0.24.04.3
3.2.3-1ubuntu0.24.04.5
3.2.3-1ubuntu0.24.04.6
Ecosystem specific
{
"priority_reason": "This is a low severity issue",
"binaries": [
{
"binary_version": "3.2.3-1ubuntu0.24.04.6",
"binary_name": "libruby3.2"
},
{
"binary_version": "3.2.3-1ubuntu0.24.04.6",
"binary_name": "ruby3.2"
},
{
"binary_version": "3.2.3-1ubuntu0.24.04.6",
"binary_name": "ruby3.2-dev"
}
]
}Ubuntu:25.10
ruby3.3
Package
- Name
- ruby3.3
- Purl
- pkg:deb/ubuntu/ruby3.3@3.3.8-2ubuntu2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:16.04:LTS
ruby2.3
Package
- Name
- ruby2.3
- Purl
- pkg:deb/ubuntu/ruby2.3@2.3.1-2~ubuntu16.04.16+esm11?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.3.0-1
2.3.0-2
2.3.0-4ubuntu2
2.3.0-4ubuntu3
2.3.0-5ubuntu1
2.3.1-2~16.04
2.3.1-2~16.04.2
2.3.1-2~16.04.4
2.3.1-2~16.04.5
2.3.1-2~16.04.6
2.3.1-2~16.04.7
2.3.1-2~16.04.9
2.3.1-2~16.04.10
2.3.1-2~16.04.11
2.3.1-2~16.04.12
2.3.1-2~ubuntu16.04.13
2.3.1-2~ubuntu16.04.14
2.3.1-2~ubuntu16.04.15
2.3.1-2~ubuntu16.04.16
2.3.1-2~ubuntu16.04.16+esm1
2.3.1-2~ubuntu16.04.16+esm2
2.3.1-2~ubuntu16.04.16+esm3
2.3.1-2~ubuntu16.04.16+esm4
2.3.1-2~ubuntu16.04.16+esm5
2.3.1-2~ubuntu16.04.16+esm6
2.3.1-2~ubuntu16.04.16+esm7
2.3.1-2~ubuntu16.04.16+esm8
2.3.1-2~ubuntu16.04.16+esm9
2.3.1-2~ubuntu16.04.16+esm10
2.3.1-2~ubuntu16.04.16+esm11
Ecosystem specific
{
"priority_reason": "This is a low severity issue",
"binaries": [
{
"binary_version": "2.3.1-2~ubuntu16.04.16+esm11",
"binary_name": "libruby2.3"
},
{
"binary_version": "2.3.1-2~ubuntu16.04.16+esm11",
"binary_name": "ruby2.3"
},
{
"binary_version": "2.3.1-2~ubuntu16.04.16+esm11",
"binary_name": "ruby2.3-dev"
},
{
"binary_version": "2.3.1-2~ubuntu16.04.16+esm11",
"binary_name": "ruby2.3-tcltk"
}
]
}Ubuntu:Pro:18.04:LTS
ruby2.5
Package
- Name
- ruby2.5
- Purl
- pkg:deb/ubuntu/ruby2.5@2.5.1-1ubuntu1.16+esm6?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.5.0~preview1-1ubuntu2
2.5.0-4ubuntu1
2.5.0-4ubuntu4
2.5.0-5ubuntu1
2.5.0-6ubuntu1
2.5.1-1ubuntu1
2.5.1-1ubuntu1.1
2.5.1-1ubuntu1.2
2.5.1-1ubuntu1.4
2.5.1-1ubuntu1.5
2.5.1-1ubuntu1.6
2.5.1-1ubuntu1.7
2.5.1-1ubuntu1.8
2.5.1-1ubuntu1.9
2.5.1-1ubuntu1.10
2.5.1-1ubuntu1.11
2.5.1-1ubuntu1.12
2.5.1-1ubuntu1.13
2.5.1-1ubuntu1.14
2.5.1-1ubuntu1.15
2.5.1-1ubuntu1.16
2.5.1-1ubuntu1.16+esm1
2.5.1-1ubuntu1.16+esm3
2.5.1-1ubuntu1.16+esm4
2.5.1-1ubuntu1.16+esm5
2.5.1-1ubuntu1.16+esm6
Ecosystem specific
{
"priority_reason": "This is a low severity issue",
"binaries": [
{
"binary_version": "2.5.1-1ubuntu1.16+esm6",
"binary_name": "libruby2.5"
},
{
"binary_version": "2.5.1-1ubuntu1.16+esm6",
"binary_name": "ruby2.5"
},
{
"binary_version": "2.5.1-1ubuntu1.16+esm6",
"binary_name": "ruby2.5-dev"
}
]
}Ubuntu:Pro:20.04:LTS
ruby2.7
Package
- Name
- ruby2.7
- Purl
- pkg:deb/ubuntu/ruby2.7@2.7.0-5ubuntu1.18+esm3?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.7.0-1
2.7.0-2
2.7.0-3
2.7.0-4
2.7.0-4ubuntu1
2.7.0-5ubuntu1
2.7.0-5ubuntu1.1
2.7.0-5ubuntu1.2
2.7.0-5ubuntu1.3
2.7.0-5ubuntu1.4
2.7.0-5ubuntu1.5
2.7.0-5ubuntu1.6
2.7.0-5ubuntu1.7
2.7.0-5ubuntu1.8
2.7.0-5ubuntu1.9
2.7.0-5ubuntu1.10
2.7.0-5ubuntu1.11
2.7.0-5ubuntu1.12
2.7.0-5ubuntu1.13
2.7.0-5ubuntu1.14
2.7.0-5ubuntu1.15
2.7.0-5ubuntu1.16
2.7.0-5ubuntu1.17
2.7.0-5ubuntu1.18
2.7.0-5ubuntu1.18+esm1
2.7.0-5ubuntu1.18+esm3
Ecosystem specific
{
"priority_reason": "This is a low severity issue",
"binaries": [
{
"binary_version": "2.7.0-5ubuntu1.18+esm3",
"binary_name": "libruby2.7"
},
{
"binary_version": "2.7.0-5ubuntu1.18+esm3",
"binary_name": "ruby2.7"
},
{
"binary_version": "2.7.0-5ubuntu1.18+esm3",
"binary_name": "ruby2.7-dev"
}
]
}