CVE-2025-61772
BaseFortify
Publication date: 2025-10-07
Last updated on: 2025-10-10
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range (inc = inclusive, exc = exclusive) |
|---|---|---|
| rack | rack | Up to 2.2.19 (exc) |
| rack | rack | From 3.1.0 (inc) to 3.1.17 (exc) |
| rack | rack | From 3.2.0 (inc) to 3.2.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the multipart parser of Rack, the Ruby web server interface. When parsing a multipart/form-data body, the parser reads each part's header block into memory until it sees the blank line (CRLFCRLF) that terminates the headers. Affected versions place no limit on the size of that header block, so a request whose part header never terminates causes the parser to keep appending incoming bytes to its buffer for as long as the client keeps sending them, leading to excessive memory use.
How can this vulnerability impact me?
It is a denial-of-service (DoS) vector. A client that can reach an endpoint accepting multipart bodies can drive the server process out of memory (OOM) or into severe slowdown by sending a multipart body whose part headers never terminate. The effect scales with the request size the server is willing to accept and with how many such requests are sent concurrently, so it can crash the application or degrade service for all other users.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Rack to 2.2.19, 3.1.17 or 3.2.2 (or later); these releases cap the per-part header size so the header buffer can no longer grow without bound. Until the upgrade is deployed, limit the maximum request body size at the proxy or web server in front of the application, for example with Nginx's 'client_max_body_size' directive. Note that a body-size limit only bounds how much memory a single request can consume; it does not remove the flaw, and an attacker can still send many requests up to that limit concurrently, so treat it as a stopgap rather than a fix.
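The accumulation described above, reduced to a small streaming header reader, as an added example that is not Rack's own code: it reads one part's header block in chunks, first with no cap (the vulnerable shape) and then with a cap that rejects the part once the buffered header data exceeds a limit (the shape of the fix). The boundary string, the 16 KiB cap, the HeaderTooLarge error class and the request bodies are all constructed for this example; the constant name and error class used in the actual Rack fix are not shown on this page.

```ruby
require "stringio"

BOUNDARY = "----ExampleBoundary7MA4YWxk".freeze
HEADER_TERMINATOR = "\r\n\r\n".freeze

# Hypothetical error class; the real Rack fix's error type is not shown here.
class HeaderTooLarge < StandardError; end

# Constructed request bodies (not real captures). The well-formed one is a
# normal single-part form; the unterminated one opens a part header block
# that never reaches the CRLFCRLF terminator, the input shape the advisory
# describes.
def well_formed_multipart
  "--#{BOUNDARY}\r\n" \
  "Content-Disposition: form-data; name=\"field\"\r\n" \
  "\r\n" \
  "hello\r\n" \
  "--#{BOUNDARY}--\r\n"
end

def unterminated_multipart(header_bytes)
  "--#{BOUNDARY}\r\n" \
  "Content-Disposition: form-data; name=\"field\"; filename=\"" +
    ("A" * header_bytes) # the quote never closes and no blank line follows
end

# Streams one part's header block from io in fixed-size chunks, as a
# multipart parser does when the body arrives over a socket.
# Returns [:ok, header_block] when CRLFCRLF is found, or [:eof, bytes_buffered]
# if the input ends first. With max_header_size: nil the buffer grows without
# bound (vulnerable behaviour); with a cap it raises HeaderTooLarge as soon as
# the buffered header data exceeds it (hardened behaviour).
def read_part_header(io, max_header_size:, chunk_size: 1024)
  boundary_line = io.gets("\r\n")
  unless boundary_line == "--#{BOUNDARY}\r\n"
    raise ArgumentError, "missing boundary delimiter"
  end

  buffer = +""
  while (chunk = io.read(chunk_size))
    buffer << chunk
    # Search the whole buffer so a terminator split across chunks is found.
    if (idx = buffer.index(HEADER_TERMINATOR))
      return [:ok, buffer[0...idx]]
    end
    if max_header_size && buffer.bytesize > max_header_size
      raise HeaderTooLarge, "part header exceeded #{max_header_size} bytes"
    end
  end
  [:eof, buffer.bytesize]
end

# Vulnerable shape: no cap, the header buffer absorbs the whole stream.
def parse_unbounded(body)
  read_part_header(StringIO.new(body), max_header_size: nil)
end

# Hardened shape: a per-part header cap (16 KiB here is an assumed value).
def parse_bounded(body, max_header_size: 16 * 1024)
  read_part_header(StringIO.new(body), max_header_size: max_header_size)
end

if __FILE__ == $PROGRAM_NAME
  p parse_bounded(well_formed_multipart)
  body = unterminated_multipart(1_000_000)
  p parse_unbounded(body) # buffers the entire ~1 MB header block before giving up
  begin
    parse_bounded(body)
  rescue HeaderTooLarge => e
    puts "rejected: #{e.message}"
  end
end
```

The cap is checked after every chunk, so the bounded reader never holds more than the cap plus one chunk of header data per part, whatever the client sends; the unbounded reader holds as much as the client is willing to stream, which is exactly the condition a proxy-side body-size limit can only shrink, not remove.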