Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-xnj2-tbzn-tff6
Vulnerability ID VCID-xnj2-tbzn-tff6
Aliases CVE-2025-55193
GHSA-76r7-hhxj-r776
Summary activerecord: Active Record ANSI Injection Vulnerability
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
System Score Found at
cvssv3 4.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
epss 0.00319 https://api.first.org/data/v1/epss?cve=CVE-2025-55193
cvssv3.1 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv4 5.3 https://github.com/rails/rails
generic_textual MODERATE https://github.com/rails/rails
cvssv4 2.7 https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
cvssv4 5.3 https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
generic_textual MODERATE https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
ssvc Track https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
cvssv4 2.7 https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
cvssv4 5.3 https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
generic_textual MODERATE https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
ssvc Track https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
cvssv4 2.7 https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
cvssv4 5.3 https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
generic_textual MODERATE https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
ssvc Track https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
cvssv4 2.7 https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
cvssv4 5.3 https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
generic_textual MODERATE https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
ssvc Track https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
cvssv4 5.3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
cvssv4 5.3 https://nvd.nist.gov/vuln/detail/CVE-2025-55193
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-55193
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
https://api.first.org/data/v1/epss?cve=CVE-2025-55193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rails/rails
https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
https://nvd.nist.gov/vuln/detail/CVE-2025-55193
1111106 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
2388446 https://bugzilla.redhat.com/show_bug.cgi?id=2388446
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Found at https://github.com/rails/rails
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U Found at https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Found at https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/ Found at https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U Found at https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Found at https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/ Found at https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U Found at https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Found at https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/ Found at https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U Found at https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Found at https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/ Found at https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-55193
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.55181
EPSS Score 0.00319
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:50:40.175369+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json 38.6.0