=8.0, <8.0.2.1

Q: How to fix?

Upgrade activerecord to version 7.1.5.2, 7.2.2.2, 8.0.2.1 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RUBY-ACTIVERECORD-11800112
published14 Aug 2025
disclosed13 Aug 2025
creditlio346

Report a new vulnerability Found a mistake?

Introduced: 13 Aug 2025

NewCVE-2025-55193 (opens in a new tab) CWE-150 (opens in a new tab)

How to fix?

Upgrade activerecord to version 7.1.5.2, 7.2.2.2, 8.0.2.1 or higher.

Overview

activerecord is a library for databases on Rails.

Affected versions of this package are vulnerable to Improper Neutralization via the ids parameter, which is passed to the find or raise_record_not_found_exception! function, can be logged without escaping. An attacker can inject arbitrary ANSI escape sequences into terminal output by supplying crafted input to methods that log identifiers, potentially causing misleading or malicious terminal behavior.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
Low
Availability (SA)
None