Vulnerability details: VCID-d58r-22kr-9bct
Vulnerability ID VCID-d58r-22kr-9bct
Aliases CVE-2025-61780
GHSA-r657-rxjc-j557
Summary Rack has a Possible Information Disclosure Vulnerability
A possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (6)
System Score Found at
cvssv3 5.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-61780
cvssv3.1 5.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r657-rxjc-j557
cvssv3.1 5.8 https://github.com/rack/rack
generic_textual MODERATE https://github.com/rack/rack
cvssv3.1 5.8 https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
generic_textual MODERATE https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
ssvc Track https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
cvssv3.1 5.8 https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
generic_textual MODERATE https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
ssvc Track https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
cvssv3.1 5.8 https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
generic_textual MODERATE https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
ssvc Track https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
cvssv3 5.8 https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
cvssv3.1 5.8 https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
cvssv3.1_qr MODERATE https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
generic_textual MODERATE https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
ssvc Track https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
cvssv3.1 5.8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
cvssv3.1 5.8 https://nvd.nist.gov/vuln/detail/CVE-2025-61780
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-61780
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/rack/rack
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/ Found at https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/ Found at https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/ Found at https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/ Found at https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-61780
Exploit Prediction Scoring System (EPSS)
Percentile 0.10328
EPSS Score 0.00035
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:59.287042+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack/CVE-2025-61780.yml 38.0.0