Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Critical Path Traversal Flaws in Rack Ruby

April 25, 2025
Reading Time: 2 mins read
in Alerts
Linux Rootkit Evades Detection with io_uring

Researchers discovered three vulnerabilities in Rack, a Ruby web server interface, that expose files and distort log data. OPSWAT identified these vulnerabilities as CVE-2025-27610, CVE-2025-27111, and CVE-2025-25184, all affecting how Rack handles file paths. The most severe, CVE-2025-27610, can allow attackers to access sensitive files and trigger data breaches under specific conditions. This flaw exists because Rack::Static fails to sanitize user paths, especially when the :root directory is misconfigured.

Attackers can exploit these weaknesses by crafting malicious paths and injecting CRLF sequences to manipulate system logs.

Without proper neutralization, attackers can distort log entries and hide their activity, masking malicious access attempts. Organizations using Rack should upgrade immediately or limit exposure by configuring static file directories properly. Removing Rack::Static or isolating public files can help prevent unauthorized access in the absence of patches.

In a separate issue, Infodraw Media Relay Service (MRS) has a critical vulnerability tracked as CVE-2025-43928. This path traversal bug allows attackers to read or delete any system file by misusing the username parameter. The flaw affects both Linux and Windows, and unpatched systems in Belgium and Luxembourg were taken offline.

Infodraw’s surveillance devices are widely used by law enforcement and transportation networks across several countries.

Security researcher Tim Philipp Schäfers warned that exploitation is likely due to the flaw’s trivial nature and no vendor patch. He urges organizations to disconnect vulnerable systems or restrict access using VPNs or IP allowlists immediately. Despite disclosure, Infodraw has not released a fix, raising concern about public safety and data security. Preventive actions are critical, as the vulnerability allows unauthenticated users to access or destroy vital system files.

Reference:
  • Critical Path Traversal Flaws in Rack Ruby Web Server Expose Sensitive Files
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

GitLab Patch Stops Service Disruption Risks

Function Confusion Hits Serverless Clouds

May 22, 2025
GitLab Patch Stops Service Disruption Risks

3AM Ransomware Email Bomb and Vishing Threat

May 22, 2025
GitLab Patch Stops Service Disruption Risks

GitLab Patch Stops Service Disruption Risks

May 22, 2025
Teen Hacker Admits PowerSchool Cyberattack

Hazy Hawk Hijacks Cloud DNS For Web Scams

May 21, 2025
Teen Hacker Admits PowerSchool Cyberattack

Venom Spiders More Eggs Malware Hits Hiring

May 21, 2025
Teen Hacker Admits PowerSchool Cyberattack

Fake Kling AI Sites Spread Malware To Users

May 21, 2025

Latest Alerts

GitLab Patch Stops Service Disruption Risks

3AM Ransomware Email Bomb and Vishing Threat

Function Confusion Hits Serverless Clouds

Venom Spiders More Eggs Malware Hits Hiring

Hazy Hawk Hijacks Cloud DNS For Web Scams

Fake Kling AI Sites Spread Malware To Users

Subscribe to our newsletter

    Latest Incidents

    Cyberattack Paralyzes French Hauts de Seine

    Santa Fe City Loses $324K In Hacker Scam

    Belgium Housing Hit by Ransomware Attack

    UK Peter Green Chilled Hit By Ransomware

    Cellcom Cyberattack Causes Service Outage

    Ohio Kettering Health Faces Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial