Low severity · OSV Advisory · Published Aug 13, 2025 · Updated Apr 15, 2026
CVE-2025-55193
Description
Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If the log is written directly to the terminal, it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| activerecord (RubyGems) | >= 8.0, < 8.0.2.1 | 8.0.2.1 |
| activerecord (RubyGems) | >= 7.2, < 7.2.2.2 | 7.2.2.2 |
| activerecord (RubyGems) | < 7.1.5.2 | 7.1.5.2 |
Affected products (12)
- Range: v0.10.0, v0.10.1, v0.11.0, …
- osv-coords (11 versions):
  - pkg:apk/chainguard/ruby3.2-activerecord
  - pkg:apk/chainguard/ruby3.3-activerecord
  - pkg:apk/chainguard/ruby3.4-activerecord
  - pkg:apk/wolfi/ruby3.2-activerecord
  - pkg:apk/wolfi/ruby3.3-activerecord
  - pkg:apk/wolfi/ruby3.4-activerecord
  - pkg:gem/activerecord
  - pkg:rpm/opensuse/hawk2&distro=openSUSE%20Leap%2016.0
  - pkg:rpm/opensuse/rubygem-activerecord-8.0&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/hawk2&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2016.0
  - pkg:rpm/suse/hawk2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
- (no CPE) range: < 8.0.2.1-r0
- (no CPE) range: < 8.0.2.1-r0
- (no CPE) range: < 8.0.2.1-r0
- (no CPE) range: < 8.0.2.1-r0
- (no CPE) range: < 8.0.2.1-r0
- (no CPE) range: < 8.0.2.1-r0
- (no CPE) range: >= 8.0, < 8.0.2.1
- (no CPE) range: < 2.7.0+git.1742310530.bfcd0e2c-160000.3.1
- (no CPE) range: < 8.0.1-2.1
- (no CPE) range: < 2.7.0+git.1742310530.bfcd0e2c-160000.3.1
- (no CPE) range: < 2.7.0+git.1742310530.bfcd0e2c-160000.3.1
References (7)
- github.com/advisories/GHSA-76r7-hhxj-r776 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-55193 (ghsa, ADVISORY)
- github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290 (nvd, WEB)
- github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b (nvd, WEB)
- github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202 (nvd, WEB)
- github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776 (nvd, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml (ghsa, WEB)