CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.2 LOW
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
mitreCNA
3.2 LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
talurl
𝑥
< 0.11.3
talurl
0.12.0 ≤
𝑥
< 0.12.4
talurl
0.13.0 ≤
𝑥
< 0.13.2
talurl
1.0.0 ≤
𝑥
< 1.0.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jruby
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
dne
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
ruby2.3
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
Fixed 2.3.1-2~ubuntu16.04.16+esm10
released
ruby2.5
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
Fixed 2.5.1-1ubuntu1.16+esm4
released
ruby2.7
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 2.7.0-5ubuntu1.18
released
ruby3.0
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 3.0.2-7ubuntu2.10
released
focal
dne
ruby3.2
plucky
dne
oracular
dne
noble
Fixed 3.2.3-1ubuntu0.24.04.5
released
jammy
dne
focal
dne
ruby3.3
plucky
Fixed 3.3.7-1ubuntu2
released
oracular
Fixed 3.3.4-2ubuntu5.2
released
noble
dne
jammy
dne
focal
dne
Common Weakness Enumeration
References
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
https://hackerone.com/reports/2957667