CVE-2025-55193

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-55193
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-55193.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-55193
Aliases
Downstream
Related
Published
2025-08-13T22:41:41.890Z
Modified
2025-12-02T20:14:32.610723Z
Severity
  • 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U CVSS Calculator
Summary
Active Record logging vulnerable to ANSI escape injection
Details

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-150"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55193.json"
}
References

Affected packages

Git / github.com/rails/rails

Affected ranges

Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ddb56de25997491b57868d3a119b6aa3cd31ad4b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.1.5.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
fb6c4305939da06efdf2893d99130e7829c53e8b
Fixed
9204eb520c2784ca7a1da9a4884aad21c59088fd
Database specific 
{
    "versions": [
        {
            "introduced": "7.2"
        },
        {
            "fixed": "7.2.2.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
dd8f7185faeca6ee968a6e9367f6d8601a83b8db
Fixed
b0c813bc7b61c71dd21ee3a6c6210f6d14030f71
Database specific 
{
    "versions": [
        {
            "introduced": "8.0"
        },
        {
            "fixed": "8.0.2.1"
        }
    ]
}

Affected versions

v0.*

v0.10.0
v0.10.1
v0.11.0
v0.11.1
v0.12.0
v0.13.0
v0.13.1
v0.14.1
v0.14.3
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.4.1
v0.9.5

v1.*

v1.1.0
v1.1.0_RC1
v1.1.1

v2.*

v2.0.0
v2.0.0_PR
v2.0.0_RC1
v2.0.0_RC2
v2.0.1
v2.1.0
v2.1.0_RC1
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.2.1

v3.*

v3.0.0.beta.2
v3.0.0.beta.3
v3.0.0.beta1
v3.0.0.beta2
v3.0.0.beta3
v3.0.0.beta4
v3.0.0_RC
v3.1.0.beta1
v3.1.0.rc1
v3.2.0.rc1

v4.*

v4.0.0.beta1
v4.0.0.rc1
v4.1.0.beta1
v4.1.0.beta2
v4.2.0.beta1
v4.2.0.beta4

v5.*

v5.0.0.beta1
v5.0.0.beta1.1
v5.0.0.beta2
v5.0.0.beta3
v5.0.0.beta4
v5.0.0.rc1
v5.1.0.beta1

v6.*

v6.0.0.beta1
v6.0.0.beta2
v6.0.0.beta3
v6.1.0.rc1

v7.*

v7.0.0.alpha1
v7.0.0.alpha2
v7.1.0
v7.1.0.beta1
v7.1.0.rc1
v7.1.0.rc2
v7.1.1
v7.1.2
v7.1.3
v7.1.3.1
v7.1.3.2
v7.1.3.3
v7.1.3.4
v7.1.4
v7.1.4.1
v7.1.4.2
v7.1.5
v7.1.5.1
v7.2.0
v7.2.1
v7.2.1.1
v7.2.1.2
v7.2.2
v7.2.2.1

v8.*

v8.0.0
v8.0.0.1
v8.0.1
v8.0.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-55193.json"