RubySec

Providing security resources for the Ruby community

CVE-2025-55193 (activerecord): Active Record logging vulnerable to ANSI escape injection


GEM

activerecord

FRAMEWORK

Ruby on Rails

PATCHED VERSIONS

  • ~> 7.1.5.2
  • ~> 7.2.2.2
  • >= 8.0.2.1

DESCRIPTION

This vulnerability has been assigned the CVE identifier CVE-2025-55193.

Impact

The ID passed to find or similar methods may be logged without escaping. If this is logged directly to the terminal, the output may include unescaped ANSI sequences.
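
As an added example (not code from Rails or from this advisory), the sketch below shows a Ruby Logger formatter that escapes control characters before a message reaches a terminal, as defense in depth for logs that contain request-supplied values. The message text, SAMPLE_ID and all helper names are constructed for illustration.

```ruby
require "logger"
require "stringio"

# C0 controls except tab and newline, plus DEL and the C1 range (includes 8-bit CSI).
CONTROL_CHARS = /[\u0000-\u0008\u000B-\u001F\u007F-\u009F]/

# Replace each control character with a visible \xNN form so a terminal
# displays it as text instead of interpreting it.
def escape_control_chars(text)
  utf8 = text.to_s.encode(Encoding::UTF_8, invalid: :replace, undef: :replace).scrub("?")
  utf8.gsub(CONTROL_CHARS) { |c| format("\\x%02X", c.ord) }
end

# Logger formatter that sanitizes the message, then defers to the stock layout.
class ControlCharEscapingFormatter < Logger::Formatter
  def call(severity, time, progname, msg)
    super(severity, time, progname, escape_control_chars(msg2str(msg)))
  end
end

# Constructed sample: an ID carrying an SGR color sequence, standing in for
# request-supplied input. The message text is also constructed, not Rails output.
SAMPLE_ID = "42\e[31m"

# Log one lookup failure through the given formatter and return the raw log text.
def log_lookup_failure(id, formatter)
  io = StringIO.new
  logger = Logger.new(io)
  logger.formatter = formatter
  logger.warn("record lookup failed for id=#{id}")
  io.string
end

if __FILE__ == $PROGRAM_NAME
  puts log_lookup_failure(SAMPLE_ID, Logger::Formatter.new).inspect
  puts log_lookup_failure(SAMPLE_ID, ControlCharEscapingFormatter.new).inspect
end
```

This is a logging-layer safeguard and does not replace upgrading to one of the patched versions listed above.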

Releases

The fixed releases are available at the normal locations.

Credits

Thanks to lio346 for reporting this vulnerability.
