CVE-2025-55193
Description
Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.
Is your site exposed to CVE-2025-55193?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-55193? +
How do I check if I'm vulnerable to CVE-2025-55193? +
Related Vulnerabilities
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML …
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was …
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the …
Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish …
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric …
PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization …