CVE-2025-27590
CRITICAL9.0EPSS 17.0%Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
Published: 3/3/2025Modified: 3/3/2025
Also known as:GHSA-jx6p-9c26-g373
Description
In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.
Affected packages (1)
- RubyGems/oxidized-webfrom 0, < 0.15.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |