
We found results for “”
CVE-2025-55193
Good to know:

Date: August 13, 2025
Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Escape, Meta, or Control Sequences
CWE-150Top Fix

Upgrade Version
Upgrade to version activerecord - 8.0.2.1;activerecord - 7.2.2.2;activerecord - 7.1.5.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |