Vulnerability details: VCID-ug6n-hxax-xfgp
Vulnerability ID VCID-ug6n-hxax-xfgp
Aliases CVE-2025-27221
GHSA-22h5-pq3x-2gf2
Summary URI allows for userinfo leakage in URI#join, URI#merge, and URI#+
There is a possibility of userinfo leakage in the uri gem. This vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem.
## Details
The methods `URI#join`, `URI#merge`, and `URI#+` retained userinfo, such as `user:password`, even after the host was replaced. If an application uses these methods to derive a URL pointing at an attacker-controlled host from a base URL that carries secret userinfo, and someone then requests the derived URL, the credentials are sent to the attacker's host. Please update the uri gem to version 0.11.3, 0.12.4, 0.13.2, 1.0.3 or later.
## Affected versions
uri gem versions < 0.11.3, 0.12.0 to 0.12.3, 0.13.0, 0.13.1, and 1.0.0 to 1.0.2.
## Credits
Thanks to Tsubasa Irisawa (lambdasawa) for discovering this issue. Also thanks to nobu for additional fixes of this vulnerability.
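The host-replacing join described under Details, together with a defensive wrapper and a version check, as an added Ruby example that is not part of the advisory, of the ruby/uri project, or of any linked fix. It assumes that a reference which supplies a new host but no scheme (a network-path reference such as `//evil.example/`) is the case in which a vulnerable gem carries the base URL's credentials over to the new host; `example.com`, `evil.example` and `user:pass` are constructed sample values. `vulnerable_uri_version?` encodes the affected ranges listed above, `retains_userinfo_on_host_change?` probes the gem actually loaded, and `safe_join` clears credentials whenever the merged URL no longer has the base's scheme, host and port, so its result is the same on vulnerable and fixed gem versions.

```ruby
require "uri"
require "rubygems" # Gem::Version / Gem::Requirement for the range checks

# Affected ranges as stated in the advisory: < 0.11.3, 0.12.0..0.12.3,
# 0.13.0..0.13.1 and 1.0.0..1.0.2.
AFFECTED_URI_RANGES = [
  Gem::Requirement.new("< 0.11.3"),
  Gem::Requirement.new(">= 0.12.0", "<= 0.12.3"),
  Gem::Requirement.new(">= 0.13.0", "<= 0.13.1"),
  Gem::Requirement.new(">= 1.0.0", "<= 1.0.2"),
].freeze

# True when the given uri gem version string falls in an affected range.
# Defaults to the version of the gem loaded in this process. A distro
# backport may fix the bug without bumping the version, so prefer the
# runtime probe below when deciding whether to worry.
def vulnerable_uri_version?(version = URI::VERSION)
  v = Gem::Version.new(version)
  AFFECTED_URI_RANGES.any? { |req| req.satisfied_by?(v) }
end

# Runtime probe: join a credential-bearing base with a network-path reference
# (new host, no scheme). On a vulnerable gem the result still carries
# "user:pass", now addressed to the new host. Constructed sample values.
def retains_userinfo_on_host_change?
  joined = URI.join("http://user:pass@example.com/", "//evil.example/")
  !joined.userinfo.nil?
end

# Defensive wrapper around URI#merge (which URI#join and URI#+ build on):
# credentials from the base survive only when the merged URL still points at
# the base's scheme, host and port. Any other destination gets its userinfo
# cleared, so the result is identical on vulnerable and fixed gem versions.
def safe_join(base, ref)
  base_uri = base.is_a?(URI::Generic) ? base : URI.parse(base)
  result   = base_uri.merge(ref.to_s).dup

  same_origin = result.scheme == base_uri.scheme &&
                result.host   == base_uri.host &&
                result.port   == base_uri.port

  unless same_origin
    # `userinfo = nil` is a no-op on URI::Generic; clear the two components
    # individually instead.
    result.password = nil
    result.user = nil
  end
  result
end

if __FILE__ == $0
  puts "uri gem #{URI::VERSION}: " \
       "#{vulnerable_uri_version? ? 'affected' : 'not affected'} per advisory ranges"
  puts "probe retains userinfo on host change: #{retains_userinfo_on_host_change?}"
  puts "naive: #{URI.join('http://user:pass@example.com/', '//evil.example/')}"
  puts "safe:  #{safe_join('http://user:pass@example.com/', '//evil.example/')}"
  puts "safe, same host: #{safe_join('http://user:pass@example.com/a/', 'b')}"
end
```

The wrapper is deliberately stricter than the upstream fix: it also drops credentials that a reference supplied for a different host, on the view that code deriving URLs from a credential-bearing base should never emit credentials for any other origin. Keep it as a belt-and-braces measure after upgrading; it is not a substitute for moving to a fixed gem version.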
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3 3.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27221.json
epss 0.00016 https://api.first.org/data/v1/epss?cve=CVE-2025-27221
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-27221
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr LOW https://github.com/advisories/GHSA-22h5-pq3x-2gf2
cvssv3.1 3.2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
ssvc Track https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
cvssv3.1 3.2 https://github.com/ruby/uri
generic_textual LOW https://github.com/ruby/uri
cvssv3.1 3.2 https://github.com/ruby/uri/pull/154
generic_textual LOW https://github.com/ruby/uri/pull/154
cvssv3.1 3.2 https://github.com/ruby/uri/pull/155
generic_textual LOW https://github.com/ruby/uri/pull/155
cvssv3.1 3.2 https://github.com/ruby/uri/pull/156
generic_textual LOW https://github.com/ruby/uri/pull/156
cvssv3.1 3.2 https://github.com/ruby/uri/pull/157
generic_textual LOW https://github.com/ruby/uri/pull/157
cvssv3.1 3.2 https://hackerone.com/reports/2957667
generic_textual LOW https://hackerone.com/reports/2957667
ssvc Track https://hackerone.com/reports/2957667
cvssv3.1 3.2 https://nvd.nist.gov/vuln/detail/CVE-2025-27221
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2025-27221
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2025-27221
cvssv3 3.2 https://www.cve.org/CVERecord?id=CVE-2025-27221
cvssv3.1 3.2 https://www.cve.org/CVERecord?id=CVE-2025-27221
generic_textual LOW https://www.cve.org/CVERecord?id=CVE-2025-27221
cvssv3.1 3.2 https://www.ruby-lang.org/en/news/2025/02/26/security-advisories
generic_textual LOW https://www.ruby-lang.org/en/news/2025/02/26/security-advisories
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27221.json
https://api.first.org/data/v1/epss?cve=CVE-2025-27221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27221
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
https://github.com/ruby/uri
https://github.com/ruby/uri/pull/154
https://github.com/ruby/uri/pull/155
https://github.com/ruby/uri/pull/156
https://github.com/ruby/uri/pull/157
https://hackerone.com/reports/2957667
https://nvd.nist.gov/vuln/detail/CVE-2025-27221
https://www.cve.org/CVERecord?id=CVE-2025-27221
https://www.ruby-lang.org/en/news/2025/02/26/security-advisories
1103794 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103794
2349700 https://bugzilla.redhat.com/show_bug.cgi?id=2349700
cpe:2.3:a:tal:url:*:*:*:*:*:ruby:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tal:url:*:*:*:*:*:ruby:*:*
GHSA-22h5-pq3x-2gf2 https://github.com/advisories/GHSA-22h5-pq3x-2gf2
RHSA-2025:10217 https://access.redhat.com/errata/RHSA-2025:10217
RHSA-2025:4063 https://access.redhat.com/errata/RHSA-2025:4063
RHSA-2025:4488 https://access.redhat.com/errata/RHSA-2025:4488
RHSA-2025:4493 https://access.redhat.com/errata/RHSA-2025:4493
RHSA-2025:8131 https://access.redhat.com/errata/RHSA-2025:8131
USN-7418-1 https://usn.ubuntu.com/7418-1/
USN-7442-1 https://usn.ubuntu.com/7442-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27221.json
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:38:46Z/ Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/ruby/uri
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/ruby/uri/pull/154
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/ruby/uri/pull/155
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/ruby/uri/pull/156
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/ruby/uri/pull/157
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://hackerone.com/reports/2957667
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:38:46Z/ Found at https://hackerone.com/reports/2957667
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-27221
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-27221
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://www.cve.org/CVERecord?id=CVE-2025-27221
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://www.ruby-lang.org/en/news/2025/02/26/security-advisories
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Exploit Prediction Scoring System (EPSS)
Percentile 0.02388
EPSS Score 0.00016
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:12:45.123083+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-22h5-pq3x-2gf2/GHSA-22h5-pq3x-2gf2.json 36.1.3