There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NDebian
OSDebian8.0Fedora Project Fedora
OSFedoraproject30Opensuse Leap
OSOpensuse15.0Red Hat Cloudforms
APPRedhat4.64.7Red Hat Software Collections
APPRedhat1.0Rubyonrails Rails
APPRubyonrails5.2.0 – 5.2.2.1 (bez)5.1.0 – 5.1.6.2 (bez)5.0.0 – 5.0.7.2 (bez)3.0.0 – 4.2.11.1 (bez)
CISA KEV — detailsi
- Vendori
- Rails
- Producti
- Ruby on Rails
- Added to KEVi
- July 7, 2025
- Remediation deadline (US Federal)i
- July 28, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki