vulnerability

Debian: CVE-2025-55193: rails -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Dec 23, 2025	Dec 23, 2025	Dec 23, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Dec 23, 2025

Added

Dec 23, 2025

Modified

Dec 23, 2025

Description

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.

Solution

debian-upgrade-rails

References

CVE-2025-55193
https://attackerkb.com/topics/CVE-2025-55193
CWE-150
DEBIAN-DLA-4416-1
DEBIAN-DSA-6090-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today