UNKNOWN RubyGems

Active Record logging vulnerable to ANSI escape injection

GHSA-76r7-hhxj-r776 · CVE-2025-55193

Description

This vulnerability has been assigned the CVE identifier CVE-2025-55193.

Impact

The ID passed to `find` or similar methods may be logged without escaping. If the log is written directly to the terminal, the output may include unescaped ANSI sequences.
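The following is an added example, not code from Rails or from this advisory: a defence-in-depth check at the log sink, using only Ruby's standard `Logger`, that escapes control characters before a message is written and flags log lines that still contain them. The sample ID, the log message text and all method and constant names are assumptions constructed for illustration.

```ruby
require "logger"
require "stringio"

# Control characters (Unicode category Cc: C0, DEL, C1) except tab.
# Covers ESC (0x1B), the one-character CSI (U+009B), CR and LF.
CONTROL_CHARS = /[[:cntrl:]&&[^\t]]/

# Replace each control character with a visible \xNN form so a terminal
# prints the value instead of interpreting it.
def escape_control_chars(text)
  s = text.to_s.dup
  s.force_encoding(Encoding::UTF_8) if s.encoding == Encoding::BINARY
  s.scrub("?").gsub(CONTROL_CHARS) { |ch| format("\\x%02X", ch.ord) }
end

# Formatter for ::Logger that escapes the message before it is written.
SAFE_FORMATTER = proc do |severity, _time, _progname, msg|
  "#{severity}: #{escape_control_chars(msg)}\n"
end

# Detection: return the log lines that still carry raw control characters.
def lines_with_control_chars(log_text)
  log_text.each_line(chomp: true).select { |line| line.match?(CONTROL_CHARS) }
end

# Constructed sample: an "ID" carrying an ANSI colour sequence and a newline.
SAMPLE_ID = "42\e[31m\nFAKE ENTRY\e[0m"

# Log a lookup failure for the given id and return what reached the sink.
# The message text is hypothetical, not Active Record's actual wording.
def log_lookup(id, formatter: nil)
  io = StringIO.new
  logger = Logger.new(io)
  logger.formatter = formatter if formatter
  logger.debug("Couldn't find record with id=#{id}")
  io.string
end

if $PROGRAM_NAME == __FILE__
  raw  = log_lookup(SAMPLE_ID)
  safe = log_lookup(SAMPLE_ID, formatter: SAFE_FORMATTER)
  puts "unescaped lines flagged: #{lines_with_control_chars(raw).size}"
  puts "escaped lines flagged:   #{lines_with_control_chars(safe).size}"
  puts safe
end
```

Escaping at the sink does not replace upgrading to a fixed release; it limits what any unescaped value can do once it reaches a terminal.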

Releases

The fixed releases are available at the normal locations.

Credits

Thanks to lio346 from Unit 515 of OPSWAT for reporting this vulnerability.
