CVE-2025-61770
BaseFortify

Publication date: 2025-10-07

Last updated on: 2025-10-10

Assigner: GitHub, Inc.

Description
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level, monitoring memory, and setting per-process limits to prevent OOM conditions.
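As an added illustration (not Rack's own code), the following Ruby scanner behaves the way the fixed versions are described above: it discards bytes before the first boundary in chunks instead of buffering them, and raises once the discarded count passes a cap. The delimiter handling is simplified (it looks for `--<boundary>` only), and the names, the limit constant and the sample bodies are assumptions made for this example.

```ruby
require 'stringio'
# Raised when more preamble bytes arrive than the parser is willing to discard.
class PreambleTooLarge < StandardError; end
PREAMBLE_LIMIT = 16 * 1024 # the 16 KiB figure quoted in the advisory
CHUNK_SIZE     = 4096

# Discards everything before the first "--<boundary>" delimiter instead of
# buffering it. Only a tail one byte shorter than the delimiter is carried
# between reads so a delimiter split across chunks is still found. Returns the
# number of bytes skipped and leaves the IO positioned at the delimiter.
def skip_preamble(io, boundary, limit: PREAMBLE_LIMIT)
  delimiter = "--#{boundary}".b
  tail_len  = delimiter.bytesize - 1
  buf       = String.new(encoding: Encoding::BINARY)
  skipped   = 0
  loop do
    chunk = io.read(CHUNK_SIZE)
    raise EOFError, "no multipart boundary found" if chunk.nil?
    buf << chunk
    if (idx = buf.index(delimiter))
      total = skipped + idx
      raise PreambleTooLarge, "preamble exceeds #{limit} bytes" if total > limit
      io.seek(-(buf.bytesize - idx), IO::SEEK_CUR) # rewind to the delimiter
      return total
    end
    drop = buf.bytesize - tail_len
    if drop > 0
      skipped += drop
      buf = buf[drop..-1]
    end
    # The unbounded parser had no equivalent of this check.
    raise PreambleTooLarge, "preamble exceeds #{limit} bytes" if skipped > limit
  end
end
# True if the body is rejected for an oversized preamble, false if it parses.
def preamble_rejected?(body, boundary, limit: PREAMBLE_LIMIT)
  skip_preamble(StringIO.new(body.b), boundary, limit: limit)
  false
rescue PreambleTooLarge
  true
end

# Constructed sample bodies, not captured traffic.
SMALL_BODY = ("x" * 100) + "--boundary\r\nContent-Disposition: form-data; name=\"f\"\r\n\r\n1\r\n--boundary--\r\n"
HUGE_BODY  = ("x" * (64 * 1024)) + "--boundary\r\n"
if __FILE__ == $PROGRAM_NAME
  puts "skipped #{skip_preamble(StringIO.new(SMALL_BODY.b), 'boundary')} bytes"
  puts "64 KiB preamble rejected: #{preamble_rejected?(HUGE_BODY, 'boundary')}"
end
```

Passing a larger `limit:` reproduces the pre-fix behaviour of accepting the oversized preamble, which is useful for comparing memory profiles of the two strategies.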
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-10-07
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (3 associated CPEs)
Vendor | Product | Version / Range
rack | rack | up to 2.2.19 (excluding)
rack | rack | from 3.1.0 (including) to 3.1.17 (excluding)
rack | rack | from 3.2.0 (including) to 3.2.2 (excluding)
CWE
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Rack Ruby web server interface where the Rack::Multipart::Parser component buffers the entire multipart preamble (the bytes before the first boundary) in memory without any size limit. An attacker can exploit this by sending a very large preamble followed by a valid boundary in a multipart/form-data request, causing excessive memory usage. This can lead to out-of-memory conditions, potentially crashing the server process or causing severe slowdowns.

How can this vulnerability impact me?

The vulnerability can cause significant memory spikes on the server handling multipart/form-data requests, which may lead to worker process crashes or severe performance degradation due to garbage collection overhead. This can disrupt service availability and reliability, especially under high concurrency or with large allowed request sizes.
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unusually high memory usage or out-of-memory (OOM) conditions in processes handling multipart/form-data requests. Since the issue involves large multipart preambles causing memory spikes, you can use system monitoring tools to observe memory consumption patterns. Commands such as 'top', 'htop', or 'ps aux --sort=-rss' can help identify processes with high memory usage. Additionally, inspecting web server logs for unusually large multipart/form-data requests may help detect exploitation attempts. However, no specific detection commands are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading Rack to versions 2.2.19, 3.1.17, or 3.2.2 or later, which enforce a preamble size limit or discard preamble data entirely. If upgrading is not immediately possible, workarounds include limiting the total request body size at the proxy or web server level and monitoring memory usage with per-process limits to prevent out-of-memory conditions.

