{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-27221", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-04T16:39:00.368Z", "dateReserved": "2025-02-20T00:00:00.000Z", "datePublished": "2025-03-03T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "URI", "vendor": "ruby-lang", "versions": [{"lessThan": "0.11.3", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "0.12.4", "status": "affected", "version": "0.12.0", "versionType": "custom"}, {"lessThan": "0.13.2", "status": "affected", "version": "0.13.0", "versionType": "custom"}, {"lessThan": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-212", "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-03T23:58:48.831Z"}, "references": [{"url": "https://hackerone.com/reports/2957667"}, {"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.11.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.12.0", "versionEndExcluding": "0.12.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.13.0", "versionEndExcluding": "0.13.2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.0.3"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T16:38:46.135358Z", "id": "CVE-2025-27221", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T16:39:00.368Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27221", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T16:38:46.135358Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T16:38:53.645Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}}], "affected": [{"vendor": "ruby-lang", "product": "URI", "versions": [{"status": "affected", "version": "0", "lessThan": "0.11.3", "versionType": "custom"}, {"status": "affected", "version": "0.12.0", "lessThan": "0.12.4", "versionType": "custom"}, {"status": "affected", "version": "0.13.0", "lessThan": "0.13.2", "versionType": "custom"}, {"status": "affected", "version": "1.0.0", "lessThan": "1.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hackerone.com/reports/2957667"}, {"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-212", "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.11.3"}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.12.4", "versionStartIncluding": "0.12.0"}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.13.2", "versionStartIncluding": "0.13.0"}, {"criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.0.3", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-03T23:58:48.831Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27221", "state": "PUBLISHED", "dateUpdated": "2025-03-04T16:39:00.368Z", "dateReserved": "2025-02-20T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host."}], "id": "CVE-2025-27221", "lastModified": "2025-03-04T00:15:31.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-03-04T00:15:31.847", "references": [{"source": "cve@mitre.org", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml"}, {"source": "cve@mitre.org", "url": "https://hackerone.com/reports/2957667"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "uri: userinfo leakage in URI#join, URI#merge and URI#+", "id": "2349700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349700"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-212", "details": ["In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.", "A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using these methods, and having someone access that URL, an unintended userinfo leak can occur."], "name": "CVE-2025-27221", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ruby-30", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ruby-31", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ruby-33", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-27221\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27221\nhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml\nhttps://hackerone.com/reports/2957667"], "threat_severity": "Low"}