Active Record logging vulnerable to ANSI escape injection_CVE-2025-55193

2.7 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

Description

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.

Basic Information

ID CVE-2025-55193

Source GitHub_M

Published Aug 13, 2025 at 22:41

Affected Product

Vendor rails

Product rails

Version >= 0, < 7.1.5.2

Affected Versions rails rails >= 0, < 7.1.5.2
rails rails >= 7.2, < 7.2.2.2
rails rails >= 8.0, < 8.0.2.1

CWE Classification

CWE-150

References

{
    "lastseen": "",
    "description": "Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.",
    "published": "2025-08-13T22:41:41.890Z",
    "modified": "2025-08-13T22:41:41.890Z",
    "type": "cve",
    "title": "Active Record logging vulnerable to ANSI escape injection",
    "source": "GitHub_M",
    "references": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776\nhttps://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290\nhttps://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b\nhttps://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202",
    "id": "CVE-2025-55193",
    "bulletinFamily": "",
    "cwe": [
        "CWE-150"
    ],
    "cvelist": null,
    "sourceData": "rails rails >= 0, < 7.1.5.2\nrails rails >= 7.2, < 7.2.2.2\nrails rails >= 8.0, < 8.0.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 2.7,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "rails",
    "version": ">= 0, < 7.1.5.2",
    "vendor": "rails",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}