Summary: Cybersecurity researchers have identified multiple vulnerabilities in the Rack Ruby web server interface and the Infodraw Media Relay Service (MRS), posing significant risks such as unauthorized file access and the potential for data breaches. Exploitation of these flaws can lead to severe consequences, including data manipulation and unauthorized data deletion. Immediate action is recommended to mitigate these risks.
Affected: Rack Ruby web server, Infodraw Media Relay Service (MRS)
Key points:
- Three vulnerabilities in Rack Ruby could allow unauthorized access to files and log tampering.
- CVE-2025-27610 is particularly severe, permitting unauthenticated access to sensitive data.
- Infodraw MRS has a critical path traversal vulnerability (CVE-2025-43928) allowing arbitrary file reading and deletion.
- Immediate mitigation steps include patching or reconfiguring the affected systems.
Source: https://thehackernews.com/2025/04/researchers-identify-rackstatic.html