Critical severityNVD Advisory· Published Mar 3, 2025· Updated Mar 4, 2025

CVE-2025-27590

Description

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
oxidized-webRubyGems	< 0.15.0	0.15.0

Affected products

ghsa-coords
pkg:gem/oxidized-web
Range: < 0.15.0
Oxidized Web project/Oxidized Webv5
Range: 0

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-jx6p-9c26-g373ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-27590ghsaADVISORY
github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668eghsaWEB
github.com/ytti/oxidized-web/releases/tag/0.15.0ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.019
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000