{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-27221", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-03T21:13:26.685Z", "dateReserved": "2025-02-20T00:00:00.000Z", "datePublished": "2025-03-03T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "URI", "vendor": "ruby-lang", "versions": [{"lessThan": "0.11.3", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "0.12.4", "status": "affected", "version": "0.12.0", "versionType": "custom"}, {"lessThan": "0.13.2", "status": "affected", "version": "0.13.0", "versionType": "custom"}, {"lessThan": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-212", "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-03T23:58:48.831Z"}, "references": [{"url": "https://hackerone.com/reports/2957667"}, {"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.11.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.12.0", "versionEndExcluding": "0.12.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.13.0", "versionEndExcluding": "0.13.2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.0.3"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T16:38:46.135358Z", "id": "CVE-2025-27221", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T16:39:00.368Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:13:26.685Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:13:26.685Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27221", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T16:38:46.135358Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T16:38:53.645Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}}], "affected": [{"vendor": "ruby-lang", "product": "URI", "versions": [{"status": "affected", "version": "0", "lessThan": "0.11.3", "versionType": "custom"}, {"status": "affected", "version": "0.12.0", "lessThan": "0.12.4", "versionType": "custom"}, {"status": "affected", "version": "0.13.0", "lessThan": "0.13.2", "versionType": "custom"}, {"status": "affected", "version": "1.0.0", "lessThan": "1.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hackerone.com/reports/2957667"}, {"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-212", "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.11.3"}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.12.4", "versionStartIncluding": "0.12.0"}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.13.2", "versionStartIncluding": "0.13.0"}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.0.3", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-03T23:58:48.831Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27221", "state": "PUBLISHED", "dateUpdated": "2025-11-03T21:13:26.685Z", "dateReserved": "2025-02-20T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "DBED576B-ECD4-416D-93B7-4ACE5C950A6C", "versionEndExcluding": "0.11.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "201EB534-4240-4158-ACB0-C5179813CF59", "versionEndExcluding": "0.12.4", "versionStartIncluding": "0.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "8FB07CCD-3D32-4A0D-B614-D8A30625212E", "versionEndExcluding": "0.13.2", "versionStartIncluding": "0.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "34E4B8C4-02CC-45DB-A2AC-E206E511CBDE", "versionEndExcluding": "1.0.3", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host."}, {"lang": "es", "value": "En la gema URI anterior a 1.0.3 para Ruby, los m\u00e9todos de gesti\u00f3n de URI (URI.join, URI#merge, URI#+) tienen una fuga involuntaria de credenciales de autenticaci\u00f3n porque la informaci\u00f3n del usuario se conserva incluso despu\u00e9s de cambiar el host."}], "id": "CVE-2025-27221", "lastModified": "2025-11-03T22:18:43.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-04T00:15:31.847", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/2957667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "cve@mitre.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-212"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8131", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "ruby-0:3.3.8-10.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-26T00:00:00Z"}, {"advisory": "RHSA-2025:10217", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ruby:3.3-8100020250414172630.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:4063", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ruby:3.1-8100020250407112943.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-04-23T00:00:00Z"}, {"advisory": "RHSA-2025:4488", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ruby:3.1-9050020250404144903.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4493", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ruby:3.3-9050020250415095239.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-06T00:00:00Z"}], "bugzilla": {"description": "uri: userinfo leakage in URI#join, URI#merge and URI#+", "id": "2349700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349700"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-212", "details": ["In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.", "A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using these methods, and having someone access that URL, an unintended userinfo leak can occur."], "name": "CVE-2025-27221", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ruby-30", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ruby-31", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ruby-33", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-27221\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27221\nhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml\nhttps://hackerone.com/reports/2957667"], "threat_severity": "Low"}

{}