CVE-2025-27111

moderate-risk
Published 2025-03-04

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.

Do I need to act?

-
0.57% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Rack

References (5)

Patch https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
Patch https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
Patch https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
Mitigation https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
33
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal