{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-30T21:03:08Z",
  "bugzilla" : {
    "description" : "uri: URI module: Credential exposure via URI + operator",
    "id" : "2426336",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426336"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-212",
  "details" : [ "URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in the Ruby 3.2 series), 0.13.2 and earlier (bundled in the Ruby 3.3 series), and 1.0.3 and earlier (bundled in the Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.", "A flaw was found in the URI module. A remote attacker could exploit this vulnerability when an application uses the `+` operator to combine Uniform Resource Identifiers (URIs). This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials (passwords), from the original URI, resulting in credential exposure." ],
  "statement" : "This vulnerability is rated Moderate as it allows for credential exposure when the URI module's `+` operator is used to combine URIs. This flaw bypasses a previous fix, potentially leading to sensitive information leakage from the original URI in affected applications across Red Hat Enterprise Linux, OpenShift Container Platform, and other products utilizing the vulnerable URI module.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-12-11T00:00:00Z",
    "advisory" : "RHSA-2025:23141",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "ruby-0:3.3.10-11.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-12-10T00:00:00Z",
    "advisory" : "RHSA-2025:23062",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ruby:3.3-8100020251124151715.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-12-10T00:00:00Z",
    "advisory" : "RHSA-2025:23063",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "ruby:3.3-9070020251113101221.9"
  } ],
  "package_state" : [ {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-logging/fluentd-rhel9",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "rhel10/flatpak-sdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "rhel10/ruby-33",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "ubi10/ruby-33",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "rhel8/ruby-33",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "ubi8/ruby-33",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "rhel9/flatpak-sdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "rhel9/ruby-30",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "rhel9/ruby-33",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "ubi9/ruby-30",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "ubi9/ruby-33",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-61594\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61594\nhttps://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\nhttps://github.com/ruby/uri/commit/7e521b2da0833d964aab43019e735aea674e1c2c\nhttps://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\nhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml\nhttps://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/" ],
  "name" : "CVE-2025-61594",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}