Main Vulnerability Database SB2025031754

SB2025031754 - CRLF injection in Rack

Published: March 17, 2025

Security Bulletin ID SB2025031754

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) CRLF injection (CVE-ID: CVE-2025-25184)

The vulnerability allows a remote user to manipulate data log entries.

The vulnerability exists due to insufficient validation of attacker-supplied data in Rack::CommonLogger. A remote user can pass specially crafted authorization credentials containing CR-LF characters to the Rack::Auth::Basic method, which stores this info into the to the env['REMOTE_USER'] variable. If the application accepts CR-LF characters in user name, a remote user can manipulate data log entries.

Remediation

Install update from vendor's website.

References

https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg