CVE-2025-27590 (oxidized-web): Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account

ADVISORIES

CVE-2025-27590 (NVD)
GHSA-jx6p-9c26-g373

GEM

oxidized-web

SEVERITY

CVSS v3.x: 9.1 (Critical)

PATCHED VERSIONS

>= 0.15.0

DESCRIPTION

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

https://nvd.nist.gov/vuln/detail/CVE-2025-27590
https://github.com/ytti/oxidized-web/releases/tag/0.15.0
https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e
https://github.com/advisories/GHSA-jx6p-9c26-g373

RubySec

CVE-2025-27590 (oxidized-web): Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories