Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-juuh-9psh-yyar
Vulnerability ID VCID-juuh-9psh-yyar
Aliases CVE-2025-61770
GHSA-p543-xpfm-54cp
Summary rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-400 Uncontrolled Resource Consumption
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
epss 0.00266 https://api.first.org/data/v1/epss?cve=CVE-2025-61770
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-p543-xpfm-54cp
cvssv3.1 7.5 https://github.com/rack/rack
generic_textual HIGH https://github.com/rack/rack
cvssv3.1 7.5 https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
generic_textual HIGH https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
ssvc Track https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
cvssv3.1 7.5 https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
generic_textual HIGH https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
ssvc Track https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
cvssv3.1 7.5 https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
generic_textual HIGH https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
ssvc Track https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
cvssv3 7.5 https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
cvssv3.1 7.5 https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
cvssv3.1_qr HIGH https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
generic_textual HIGH https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
ssvc Track https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
cvssv3.1 7.5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2025-61770
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2025-61770
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
https://api.first.org/data/v1/epss?cve=CVE-2025-61770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rack/rack
https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
https://nvd.nist.gov/vuln/detail/CVE-2025-61770
1117627 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
2402174 https://bugzilla.redhat.com/show_bug.cgi?id=2402174
GHSA-p543-xpfm-54cp https://github.com/advisories/GHSA-p543-xpfm-54cp
RHSA-2025:19512 https://access.redhat.com/errata/RHSA-2025:19512
RHSA-2025:19513 https://access.redhat.com/errata/RHSA-2025:19513
RHSA-2025:19647 https://access.redhat.com/errata/RHSA-2025:19647
RHSA-2025:19719 https://access.redhat.com/errata/RHSA-2025:19719
RHSA-2025:19733 https://access.redhat.com/errata/RHSA-2025:19733
RHSA-2025:19734 https://access.redhat.com/errata/RHSA-2025:19734
RHSA-2025:19736 https://access.redhat.com/errata/RHSA-2025:19736
RHSA-2025:19800 https://access.redhat.com/errata/RHSA-2025:19800
RHSA-2025:19948 https://access.redhat.com/errata/RHSA-2025:19948
RHSA-2025:20962 https://access.redhat.com/errata/RHSA-2025:20962
RHSA-2025:21036 https://access.redhat.com/errata/RHSA-2025:21036
RHSA-2025:21696 https://access.redhat.com/errata/RHSA-2025:21696
USN-7960-1 https://usn.ubuntu.com/7960-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rack/rack
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/ Found at https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/ Found at https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/ Found at https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/ Found at https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-61770
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.5021
EPSS Score 0.00266
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:48:47.872031+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json 38.6.0