CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.2 LOW
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
mitreCNA
3.2 LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
ruby-languri
𝑥
< 0.11.3
ruby-languri
0.12.0 ≤
𝑥
< 0.12.4
ruby-languri
0.13.0 ≤
𝑥
< 0.13.2
ruby-languri
1.0.0 ≤
𝑥
< 1.0.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby2.3
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
Fixed 2.3.1-2~ubuntu16.04.16+esm10
released
ruby2.5
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
Fixed 2.5.1-1ubuntu1.16+esm4
released
ruby2.7
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 2.7.0-5ubuntu1.18
released
ruby3.0
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 3.0.2-7ubuntu2.10
released
focal
dne
ruby3.2
questing
dne
plucky
dne
oracular
dne
noble
Fixed 3.2.3-1ubuntu0.24.04.5
released
jammy
dne
focal
dne
ruby3.3
questing
Fixed 3.3.7-1ubuntu2
released
plucky
Fixed 3.3.7-1ubuntu2
released
oracular
Fixed 3.3.4-2ubuntu5.2
released
noble
dne
jammy
dne
focal
dne
jruby
questing
needs-triage
plucky
needs-triage
oracular
ignored
noble
needs-triage
jammy
dne
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
https://hackerone.com/reports/2957667
https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html