CVE-2025-27221

Published Mar 4, 2025

Last updated 25 days ago

CVSS low 3.2

Overview

Description
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
Source
cve@mitre.org
NVD status
Analyzed
Products
uri

Risk scores

CVSS 3.1

Type
Primary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

cve@mitre.org
CWE-212
nvd@nist.gov
CWE-212

Social media

Hype score
Not currently trending

  1. CVE-2025-27221 In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo… https://t.co/aTfGa1jMfv

    @CVEnew

    7 Mar 2025

    238 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Lambda Watchdog detected a new LOW severity CVE 🚨 CVE-2025-27221 was detected in the latest AWS Lambda image scan affecting the uri package in 2 images. Check the full report 👉 https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless

    @LambdaWatchdog

    4 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Ruby News ➜ Security advisories: CVE-2025-27219, CVE-2025-27220 and CVE-2025-27221 https://t.co/lhGgOXB5Hx

    @rubylandnews

    26 Feb 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.