CVE-2025-24293
PUBLISHED
Multiple vulnerabilities have been discovered in Ruby on Rails. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.
Risk Scores
- EPSS Score: 0.18% (39.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruby on Rails | activestorage | |
| Azure | storage | |
| Ruby on Rails | activerecord | |
Exploit Intelligence
- Known security vulnerabilities detected. CVE-2022-21831 Critical severity CVE-2025-24293 Critical severity CVE-2020-8162 High severity CVE-2024-26144 Moderate severity (github-poc-repo)
- Known security vulnerabilities detected. CVE-2022-21831 Critical severity CVE-2025-24293 Critical severity CVE-2020-8162 High severity CVE-2024-26144 Moderate severity (github-poc)
…and 153 more exploits
Timeline
- Aug 14, 2025 CVE Published
- Jan 31, 2026 CVE Updated
- Jan 31, 2026 EPSS Score
- Feb 2, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
- Feb 21, 2026 EPSS Score
References
- https://cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0692/ advisory
- https://discuss.rubyonrails.org/t/cve-2025-24293-active-storage-allowed-transformation-methods-potentially-unsafe/89670 advisory
- https://discuss.rubyonrails.org/t/cve-2025-55193-ansi-escape-injection-in-active-record-logging/89669 advisory
- https://cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0967/ advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324 advisory
…and 92 more