CVE-2025-61594 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-61594 Interim 1 2 2026-03-05T00:28:17Z current 2025-11-01T00:15:20Z 2026-03-05T00:28:17Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-61594 URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 openSUSE Tumbleweed libruby3_4-3_4-3.4.7-1.1 ruby-3.3.10-5.module+el8.10.0+23696+c42b0f57 ruby-bundled-gems-3.3.10-5.module+el8.10.0+23696+c42b0f57 ruby-default-gems-3.3.10-5.module+el8.10.0+23696+c42b0f57 ruby-devel-3.3.10-5.module+el8.10.0+23696+c42b0f57 ruby-doc-3.3.10-5.module+el8.10.0+23696+c42b0f57 ruby-libs-3.3.10-5.module+el8.10.0+23696+c42b0f57 ruby3.4-3.4.7-1.1 ruby3.4-devel-3.4.7-1.1 ruby3.4-devel-extra-3.4.7-1.1 ruby3.4-doc-3.4.7-1.1 ruby3.4-doc-ri-3.4.7-1.1 rubygem-abrt-0.4.0-1.module+el8.10.0+21226+b78a28c4 rubygem-abrt-doc-0.4.0-1.module+el8.10.0+21226+b78a28c4 rubygem-bigdecimal-3.1.5-5.module+el8.10.0+23696+c42b0f57 rubygem-bundler-2.5.22-5.module+el8.10.0+23696+c42b0f57 rubygem-io-console-0.7.1-5.module+el8.10.0+23696+c42b0f57 rubygem-irb-1.13.1-5.module+el8.10.0+23696+c42b0f57 rubygem-json-2.7.2-5.module+el8.10.0+23696+c42b0f57 rubygem-minitest-5.20.0-5.module+el8.10.0+23696+c42b0f57 rubygem-mysql2-0.5.5-1.module+el8.10.0+21226+b78a28c4 rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+21226+b78a28c4 rubygem-pg-1.5.4-1.module+el8.10.0+21226+b78a28c4 rubygem-pg-doc-1.5.4-1.module+el8.10.0+21226+b78a28c4 rubygem-power_assert-2.0.3-5.module+el8.10.0+23696+c42b0f57 rubygem-psych-5.1.2-5.module+el8.10.0+23696+c42b0f57 rubygem-racc-1.7.3-5.module+el8.10.0+23696+c42b0f57 rubygem-rake-13.1.0-5.module+el8.10.0+23696+c42b0f57 rubygem-rbs-3.4.0-5.module+el8.10.0+23696+c42b0f57 rubygem-rdoc-6.6.3.1-5.module+el8.10.0+23696+c42b0f57 rubygem-rexml-3.4.4-5.module+el8.10.0+23696+c42b0f57 rubygem-rss-0.3.1-5.module+el8.10.0+23696+c42b0f57 rubygem-test-unit-3.6.1-5.module+el8.10.0+23696+c42b0f57 rubygem-typeprof-0.21.9-5.module+el8.10.0+23696+c42b0f57 rubygems-3.5.22-5.module+el8.10.0+23696+c42b0f57 rubygems-devel-3.5.22-5.module+el8.10.0+23696+c42b0f57 ruby-3.3.10-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 ruby-bundled-gems-3.3.10-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 ruby-default-gems-3.3.10-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 ruby-devel-3.3.10-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 ruby-doc-3.3.10-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 ruby-libs-3.3.10-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-abrt-0.4.0-1.module+el8.10.0+21226+b78a28c4 as a component of SUSE Liberty Linux 8 rubygem-abrt-doc-0.4.0-1.module+el8.10.0+21226+b78a28c4 as a component of SUSE Liberty Linux 8 rubygem-bigdecimal-3.1.5-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-bundler-2.5.22-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-io-console-0.7.1-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-irb-1.13.1-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-json-2.7.2-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-minitest-5.20.0-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-mysql2-0.5.5-1.module+el8.10.0+21226+b78a28c4 as a component of SUSE Liberty Linux 8 rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+21226+b78a28c4 as a component of SUSE Liberty Linux 8 rubygem-pg-1.5.4-1.module+el8.10.0+21226+b78a28c4 as a component of SUSE Liberty Linux 8 rubygem-pg-doc-1.5.4-1.module+el8.10.0+21226+b78a28c4 as a component of SUSE Liberty Linux 8 rubygem-power_assert-2.0.3-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-psych-5.1.2-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-racc-1.7.3-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-rake-13.1.0-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-rbs-3.4.0-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-rdoc-6.6.3.1-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-rexml-3.4.4-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-rss-0.3.1-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-test-unit-3.6.1-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygem-typeprof-0.21.9-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygems-3.5.22-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 rubygems-devel-3.5.22-5.module+el8.10.0+23696+c42b0f57 as a component of SUSE Liberty Linux 8 libruby3_4-3_4-3.4.7-1.1 as a component of openSUSE Tumbleweed ruby3.4-3.4.7-1.1 as a component of openSUSE Tumbleweed ruby3.4-devel-3.4.7-1.1 as a component of openSUSE Tumbleweed ruby3.4-devel-extra-3.4.7-1.1 as a component of openSUSE Tumbleweed ruby3.4-doc-3.4.7-1.1 as a component of openSUSE Tumbleweed ruby3.4-doc-ri-3.4.7-1.1 as a component of openSUSE Tumbleweed URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. Versions 0.12.5, 0.13.3, and 1.0.4 fix the issue. CVE-2025-61594 SUSE Liberty Linux 8:ruby-3.3.10-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:ruby-bundled-gems-3.3.10-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:ruby-default-gems-3.3.10-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:ruby-devel-3.3.10-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:ruby-doc-3.3.10-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:ruby-libs-3.3.10-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-abrt-0.4.0-1.module+el8.10.0+21226+b78a28c4 SUSE Liberty Linux 8:rubygem-abrt-doc-0.4.0-1.module+el8.10.0+21226+b78a28c4 SUSE Liberty Linux 8:rubygem-bigdecimal-3.1.5-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-bundler-2.5.22-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-io-console-0.7.1-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-irb-1.13.1-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-json-2.7.2-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-minitest-5.20.0-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-mysql2-0.5.5-1.module+el8.10.0+21226+b78a28c4 SUSE Liberty Linux 8:rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+21226+b78a28c4 SUSE Liberty Linux 8:rubygem-pg-1.5.4-1.module+el8.10.0+21226+b78a28c4 SUSE Liberty Linux 8:rubygem-pg-doc-1.5.4-1.module+el8.10.0+21226+b78a28c4 SUSE Liberty Linux 8:rubygem-power_assert-2.0.3-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-psych-5.1.2-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-racc-1.7.3-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-rake-13.1.0-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-rbs-3.4.0-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-rdoc-6.6.3.1-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-rexml-3.4.4-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-rss-0.3.1-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-test-unit-3.6.1-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygem-typeprof-0.21.9-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygems-3.5.22-5.module+el8.10.0+23696+c42b0f57 SUSE Liberty Linux 8:rubygems-devel-3.5.22-5.module+el8.10.0+23696+c42b0f57 openSUSE Tumbleweed:libruby3_4-3_4-3.4.7-1.1 openSUSE Tumbleweed:ruby3.4-3.4.7-1.1 openSUSE Tumbleweed:ruby3.4-devel-3.4.7-1.1 openSUSE Tumbleweed:ruby3.4-devel-extra-3.4.7-1.1 openSUSE Tumbleweed:ruby3.4-doc-3.4.7-1.1 openSUSE Tumbleweed:ruby3.4-doc-ri-3.4.7-1.1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N