Is oxidized-web affected by CVE-2025-27590?

RubyGems oxidized-web is affected in <0.15.0.

Is CVE-2025-27590 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 24.3%.

critical

CVE-2025-27590

Q: Is CVE-2025-27590 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 24.3%.

RubyGems · oxidized-web

Summary

Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account

Severity: critical
EPSS: 24.3% (p98)
Also known as: GHSA-jx6p-9c26-g373
Published: 2025-03-03

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27590
https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e
https://github.com/ytti/oxidized-web

Related advisories

CVE-2019-25088 — medium · RubyGems/oxidized-web

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.