Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
April 25, 2025Red LakshmananVulnerability / data violation

Cybersecurity researchers have disclosed three security flaws in Rack, the Ruby web server interface, which, if successfully exploited, could allow attackers to gain unauthorized access to files, inject malicious data and tamper with logs under certain conditions.

The vulnerabilities, as identified by cybersecurity vendor OPSWAT, are listed below:

  • CVE-2025-27610 (CVSS score: 7.5) – A path traversal vulnerability that could be used to access all files under the specified root directory
  • CVE-2025-27111 (CVSS score: 6.9) – An improper neutralization of Carriage Return Line Feed (CRLF) sequences and improper output neutralization for logs vulnerability that could be used to manipulate log entries and distort log files
  • CVE-2025-25184 (CVSS score: 5.7) – An improper neutralization of Carriage Return Line Feed (CRLF) sequences and improper output neutralization for logs vulnerability that could be used to manipulate log entries and inject malicious data
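The two CRLF flaws above come down to request-derived values being written to a log without control characters being neutralized, so a single request can produce extra, forged log records. The following Ruby snippet is an added illustration of the defensive fix and is not code from the article, from OPSWAT or from Rack itself; the log line format, the function names and the sample request path are all constructed for this example.

```ruby
# Added example (not from the article or from Rack): neutralize CR, LF and
# other control characters before a request-derived value reaches a log
# file, so one request can never produce more than one log record.

# Escape every control character. CR, LF and TAB get readable escapes;
# anything else becomes \xNN. Printable text is left untouched.
def neutralize_for_log(value)
  value.to_s.scrub("?").gsub(/[\x00-\x1f\x7f]/) do |ch|
    case ch
    when "\r" then "\\r"
    when "\n" then "\\n"
    when "\t" then "\\t"
    else format("\\x%02x", ch.ord)
    end
  end
end

# Build a single-line, common-log-style record from request fields.
# Every attacker-influenced field passes through neutralize_for_log.
def format_log_line(remote_addr, method, path, status)
  fields = [remote_addr, method, path].map { |f| neutralize_for_log(f) }
  "#{fields[0]} - - \"#{fields[1]} #{fields[2]}\" #{status}"
end

# Constructed sample: a request path carrying a CRLF payload. Written raw,
# it would append a forged record claiming a successful request to /admin
# from a different address.
FORGED_PATH = "/index.html\r\n203.0.113.9 - - \"GET /admin\" 200"

# Compare the raw (vulnerable) and neutralized (safe) log output for the
# same request. The raw string is what a logger without neutralization
# would write; the safe string is what format_log_line produces.
def demo_lines
  safe = format_log_line("198.51.100.7", "GET", FORGED_PATH, 404)
  raw  = "198.51.100.7 - - \"GET #{FORGED_PATH}\" 404"
  {
    safe: safe,
    raw: raw,
    raw_line_count: raw.lines.count,   # 2: the forged record became its own line
    safe_line_count: safe.lines.count  # 1: the payload stays inside one record
  }
end

if __FILE__ == $PROGRAM_NAME
  result = demo_lines
  puts "raw  (#{result[:raw_line_count]} lines):\n#{result[:raw]}"
  puts "safe (#{result[:safe_line_count]} line):\n#{result[:safe]}"
end
```

The escape form matters less than the invariant it enforces: after neutralization, a log record contains no raw CR or LF, so line-oriented log parsers and SIEM ingestion cannot be fooled into treating attacker-supplied bytes as a separate event.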

Successful exploitation of the flaws could allow an attacker to obscure traces of attacks, read arbitrary files and inject malicious code.


“Among these vulnerabilities, CVE-2025-27610 is particularly severe, as it could allow an unauthorized attacker to retrieve confidential information, including configuration files, credentials and sensitive data, thereby leading to data breaches,” OPSWAT said in a report shared with The Hacker News.

The flaws stem from the fact that Rack::Static, the middleware used to serve static content such as JavaScript, stylesheets and images, does not sanitize user-supplied paths before serving files, which could lead to a scenario where an attacker can supply a specially crafted path to access files outside the static file directory.

“Specifically, if the :root parameter is not explicitly defined, Rack defaults this value to the current working directory by assigning it the value of Dir.pwd, implicitly designating it as the web root directory,” OPSWAT said.

As a result, if the :root parameter is either undefined or misconfigured relative to the :urls option, an unauthorized attacker could exploit CVE-2025-27610 through path traversal techniques to access sensitive files outside the intended web directory.

To mitigate the risk posed by the flaw, it is recommended to upgrade to the latest version. If immediate patching is not an option, it is advised to remove the use of Rack::Static, or ensure that :root points to a directory path containing only files that are meant to be publicly accessible.
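The mitigation above has two parts: pin the document root explicitly rather than letting it default to the working directory, and make sure every request path is resolved and contained within that root before a file is served. The Ruby code below is an added example written for this page; it is not the article's code and not Rack::Static's implementation, which differs internally. It builds a small constructed directory tree, then contrasts a root scoped to the public directory with a root that is too broad (the situation the article describes when :root is unset). Function names, the sample files and their contents are all assumptions made for the example.

```ruby
require "tmpdir"
require "fileutils"

# Constructed sample tree so the example runs offline (hypothetical layout):
#   <base>/public/assets/app.js   -> meant to be served
#   <base>/config/secrets.yml     -> must never be served
def build_sample_tree
  base = Dir.mktmpdir("static-example")
  FileUtils.mkdir_p(File.join(base, "public", "assets"))
  FileUtils.mkdir_p(File.join(base, "config"))
  File.write(File.join(base, "public", "assets", "app.js"), "console.log('hi');\n")
  File.write(File.join(base, "config", "secrets.yml"), "db_password: constructed-sample\n")
  base
end

# Percent-decode once, the way a server would, before normalizing, so that
# "%2e%2e" is treated the same as "..". Done by hand to stay dependency-free.
def percent_decode(path)
  path.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Resolve a request path against an explicit document root.
# Returns the real path of a regular file inside the root, or nil when the
# request would escape the root (via "..", encoded dots or a symlink) or
# does not name a regular file. The containment check runs on real paths,
# so a symlink under the root pointing outside it is rejected too.
def resolve_static(root, request_path)
  real_root = File.realpath(root)
  decoded = percent_decode(request_path)
  return nil if decoded.include?("\0")
  # Treat the request as relative to the root, whatever slashes it starts with.
  candidate = File.expand_path(decoded.sub(%r{\A/+}, ""), real_root)
  return nil unless File.file?(candidate)
  real = File.realpath(candidate)
  return nil unless real.start_with?(real_root + File::SEPARATOR)
  real
end

# Side-by-side comparison of the two configurations:
#   narrow root -> only the directory meant to be public (the recommended fix)
#   broad root  -> mirrors a :root that fell back to the working directory,
#                  so files next to the public directory become reachable
def demo
  base = build_sample_tree
  public_root = File.join(base, "public")
  {
    served_from_public:     resolve_static(public_root, "/assets/app.js"),
    traversal_blocked:      resolve_static(public_root, "/../config/secrets.yml"),
    encoded_traversal:      resolve_static(public_root, "/%2e%2e/config/secrets.yml"),
    secrets_via_broad_root: resolve_static(base, "/config/secrets.yml")
  }
ensure
  FileUtils.remove_entry(base) if base
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |label, path| puts format("%-24s %s", label, path.inspect) }
end
```

The last entry in the result is the instructive one: the resolver is doing its job correctly in both cases, yet with a broad root the secrets file is legitimately "inside" the root and gets served. That is why the article's advice is to point :root at a directory containing only public files, not merely to rely on traversal checks.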

Critical Infodraw Media Relay Service Flaw

The disclosure comes as a security flaw has been found in the Infodraw Media Relay Service (MRS) that allows reading or deleting arbitrary files via a path traversal (CVE-2025-43928, CVSS score: 9.8) in the user login page.

Infodraw is an Israeli manufacturer of mobile CCTV devices used to transmit audio, video and GPS data over telecommunications networks. According to the company's website, its devices are used by law enforcement agencies, private investigators, fleet management and public transport in many countries.


“The path traversal vulnerability allows unauthorized attackers to read any file from the system,” said security researcher Tim Philipp Schäfers in a statement shared with The Hacker News. “In addition, there is an ‘arbitrary file deletion vulnerability’ that allows attackers to delete any file from the system.”

The flaw, which makes it possible to log in with the username “../../../../”, affects both the Windows and Linux versions of MRS. That said, the vulnerability remains unpatched. Vulnerable systems in Belgium and Luxembourg were taken offline following responsible disclosure.

“Affected organizations are advised to take the application offline immediately (because, despite early warnings, no patch from the manufacturer is available, and it is believed that the vulnerability will be exploited by malicious actors in the near future),” Schäfers noted.

“If that is not possible, the systems should be further protected by additional measures (such as using a VPN or specific IP allowlisting).”
