CVE-2025-61594: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in ruby uri
Description
URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in the Ruby 3.2 series), 0.13.2 and earlier (bundled in the Ruby 3.3 series), and 1.0.3 and earlier (bundled in the Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC 3986 and making applications vulnerable to credential exposure. This is a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
AI Analysis
Technical Summary
CVE-2025-61594 is an information exposure weakness (CWE-200) in the Ruby uri gem. Affected releases are 0.12.4 and earlier, 0.13.0 through 0.13.2, and 1.0.0 through 1.0.3. When a base URI that carries userinfo (user:password) is combined with a reference using the + operator (an alias of URI#merge, the same code path URI.join uses), the base's credentials can be carried into a resolved URI whose authority is no longer the base's. RFC 3986 section 5.2.2 requires a reference's own authority to replace the base's authority, userinfo included, so credentials should not survive that resolution. The issue is a bypass of the earlier fix for CVE-2025-27221, which addressed the same class of leak. It is fixed in uri 0.12.5, 0.13.3 and 1.0.4.
Potential Impact
An application that resolves references against a base URI with embedded credentials can end up with those credentials in a URI that points at a different host, where they may be sent to a third party or written to request logs. The exposure is largest where the references being resolved are not under the application's control, such as link or redirect targets taken from a response. The record carries a CVSS 4.0 score of 2.1 (low), with a local attack vector and low attack complexity. No exploitation in the wild is known at this time.
Mitigation Recommendations
Upgrade the uri gem to 0.12.5, 0.13.3 or 1.0.4, or any later release in the same series. uri is a default gem, so it can be updated independently of the interpreter: run gem update uri, or with Bundler add gem "uri", ">= 1.0.4" (or the fixed version for your series) to the Gemfile and run bundle update uri; alternatively move to a Ruby release that bundles a fixed version. Confirm the result with ruby -ruri -e 'puts URI::VERSION'. Independently of the gem version, avoid carrying passwords in the userinfo component at all (RFC 3986 section 3.2.1 deprecates the user:password form), and review call sites of URI#+, URI#merge and URI#join where the base URI may contain credentials and the reference is not fully under the application's control.
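The following is an added example for this page, not code from the ruby/uri project or from the advisory. It shows two things a practitioner would want alongside the upgrade: a version check built from the fixed versions the advisory lists, and a defensive wrapper around URI#+ that enforces the RFC 3986 section 5.2.2 authority rule itself, so credentials are dropped whenever the resolved scheme, host or port differ from the base, whichever uri gem is installed. The helper names (uri_patched?, strip_credentials, safe_merge) and the sample URIs are this example's own.

```ruby
require "rubygems"   # Gem::Version; normally already loaded
require "uri"

# Added example; not code from the ruby/uri project. The helper names
# uri_patched?, strip_credentials and safe_merge are this example's own.

# True when the given uri gem version carries the fix for CVE-2025-61594,
# using the fixed versions the advisory lists: 0.12.5, 0.13.3 and 1.0.4
# (and later releases in each series). Anything older, including the
# 0.11 series and earlier, is treated as unpatched.
def uri_patched?(version = URI::VERSION)
  v = Gem::Version.new(version)
  return true if v >= Gem::Version.new("1.0.4")
  return true if v >= Gem::Version.new("0.13.3") && v < Gem::Version.new("1.0.0")
  return true if v >= Gem::Version.new("0.12.5") && v < Gem::Version.new("0.13.0")
  false
end

# Copy of +uri+ with user and password removed. URI::Generic#userinfo=
# ignores a nil argument, so the two components are cleared separately.
def strip_credentials(uri)
  out = uri.dup
  out.password = nil
  out.user = nil
  out
end

# Resolve +ref+ against +base+ with URI#+ (an alias of URI#merge), then
# enforce RFC 3986 section 5.2.2 here: the base's userinfo belongs to the
# base's authority only. If the resolved scheme, host or port differ from
# the base, any userinfo in the result is dropped. This is deliberately
# stricter than the RFC (credentials supplied by the reference itself are
# dropped too) and does not depend on the uri gem version.
def safe_merge(base, ref)
  base = URI(base)
  result = base + ref
  same_authority = result.scheme == base.scheme &&
                   result.host == base.host &&
                   result.port == base.port
  same_authority ? result : strip_credentials(result)
end

if __FILE__ == $0
  base = "http://user:secret@example.com/api/"   # constructed sample input
  patched = uri_patched?
  puts "uri gem #{URI::VERSION}: #{patched ? 'patched' : 'NOT patched'}"
  ["items", "//other.example.org/items", "//example.com:8080/items"].each do |ref|
    raw = URI(base) + ref
    puts "#{ref.ljust(26)} raw: #{raw}   safe: #{safe_merge(base, ref)}"
  end
end
```

The wrapper keeps credentials for a plain relative path such as "items", which resolves to the base's own authority, and strips them when the reference changes the host or the port. It is a defence-in-depth layer for call sites that must resolve untrusted references; it is not a substitute for the upgrade, and the version check reports only what the advisory states about release numbers.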
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-26T16:25:25.150Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695450a0db813ff03e2bda74
Added to database: 12/30/2025, 10:22:24 PM
Last enriched: 4/17/2026, 11:10:57 AM
Last updated: 5/8/2026, 12:53:04 PM