{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-61594", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-09-26T16:25:25.150Z", "datePublished": "2025-12-30T21:03:08.990Z", "dateUpdated": "2025-12-30T21:29:39.048Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://rubygems.org/gems/uri", "defaultStatus": "unaffected", "packageName": "uri", "product": "uri", "repo": "https://github.com/ruby/uri", "vendor": "ruby", "versions": [{"lessThan": "0.12.5", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "0.13.3", "status": "affected", "version": "0.13.0", "versionType": "custom"}, {"lessThan": "1.0.4", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4,&nbsp;</span>a bypass exists for the fix to CVE-2025-27221 that can expose user credentials.&nbsp;When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue.<br>"}], "value": "URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 2.7, "baseSeverity": "LOW", "exploitMaturity": "UNREPORTED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-212", "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-12-30T21:03:08.990Z"}, "references": [{"url": "https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/"}, {"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml"}, {"url": "https://github.com/ruby/uri/commit/7e521b2da0833d964aab43019e735aea674e1c2c"}, {"url": "https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902"}, {"url": "https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a"}], "source": {"discovery": "UNKNOWN"}, "title": "URI Credential Leakage Bypass over CVE-2025-27221", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-30T21:29:32.513492Z", "id": "CVE-2025-61594", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T21:29:39.048Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-61594", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-30T21:29:32.513492Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T21:29:36.147Z"}}], "cna": {"title": "URI Credential Leakage Bypass over CVE-2025-27221", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/ruby/uri", "vendor": "ruby", "product": "uri", "versions": [{"status": "affected", "version": "0", "lessThan": "0.12.5", "versionType": "custom"}, {"status": "affected", "version": "0.13.0", "lessThan": "0.13.3", "versionType": "custom"}, {"status": "affected", "version": "1.0.0", "lessThan": "1.0.4", "versionType": "custom"}], "packageName": "uri", "collectionURL": "https://rubygems.org/gems/uri", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/"}, {"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml"}, {"url": "https://github.com/ruby/uri/commit/7e521b2da0833d964aab43019e735aea674e1c2c"}, {"url": "https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902"}, {"url": "https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4,&nbsp;</span>a bypass exists for the fix to CVE-2025-27221 that can expose user credentials.&nbsp;When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-212", "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-12-30T21:03:08.990Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61594", "state": "PUBLISHED", "dateUpdated": "2025-12-30T21:29:39.048Z", "dateReserved": "2025-09-26T16:25:25.150Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-12-30T21:03:08.990Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue."}], "id": "CVE-2025-61594", "lastModified": "2025-12-31T20:42:43.210", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-12-30T21:15:43.893", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902"}, {"source": "security-advisories@github.com", "url": "https://github.com/ruby/uri/commit/7e521b2da0833d964aab43019e735aea674e1c2c"}, {"source": "security-advisories@github.com", "url": "https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a"}, {"source": "security-advisories@github.com", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml"}, {"source": "security-advisories@github.com", "url": "https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "uri: URI module: Credential exposure via URI + operator", "id": "2426336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426336"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-212", "details": ["URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue.", "A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the `+` operator to combine Uniform Resource Identifiers (URIs). This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials (passwords), from the original URI, resulting in credential exposure."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-61594", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/fluentd-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rhel10/flatpak-sdk", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rhel10/ruby-33", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "ubi10/ruby-33", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "rhel8/ruby-33", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "ruby:3.3/ruby", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "ubi8/ruby-33", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rhel9/flatpak-sdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rhel9/ruby-30", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rhel9/ruby-33", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ruby:3.3/ruby", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ubi9/ruby-30", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ubi9/ruby-33", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-30T21:03:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-61594\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61594\nhttps://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\nhttps://github.com/ruby/uri/commit/7e521b2da0833d964aab43019e735aea674e1c2c\nhttps://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\nhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml\nhttps://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/"], "statement": "This vulnerability is rated Moderate as it allows for credential exposure when the URI module's `+` operator is used to combine URIs. This flaw bypasses a previous fix, potentially leading to sensitive information leakage from the original URI in affected applications across Red Hat Enterprise Linux, OpenShift Container Platform, and other products utilizing the vulnerable URI module.", "threat_severity": "Moderate"}

{"created": "2026-01-05T10:19:26.248120+00:00", "updated": "2026-01-05T10:19:26.248146+00:00", "vendors": ["ruby-lang", "ruby-lang$PRODUCT$uri"]}