CVE-2025-55193: Active Record logging vulnerable to ANSI escape injection

Published Aug 13, 2025

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If the log is written directly to a terminal, the output may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1.
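As defence in depth alongside upgrading, a log formatter can make control characters inert before a log line reaches a terminal. The Ruby code below is an added example, not the Rails patch or code from the advisory; EscapingFormatter, escape_control_chars, log_lookup, the sample ID and the log message are all constructed for illustration.

```ruby
require "logger"
require "stringio"

# C0 control characters except tab and newline, plus DEL and the C1 range
# (which includes the single-character CSI, U+009B).
CONTROL_CHARS = /[\u0000-\u0008\u000B-\u001F\u007F-\u009F]/

# Replace each control character with a visible \xNN escape so a terminal
# prints it instead of interpreting it. Invalid bytes become "?".
def escape_control_chars(text)
  s = text.to_s.encode(Encoding::UTF_8, invalid: :replace, undef: :replace).scrub("?")
  s.gsub(CONTROL_CHARS) { |ch| format("\\x%02X", ch.ord) }
end

# Standard Logger formatter that escapes the message before formatting it.
class EscapingFormatter < Logger::Formatter
  def call(severity, time, progname, msg)
    super(severity, time, progname, escape_control_chars(msg2str(msg)))
  end
end

# Constructed sample: a record ID carrying an SGR colour sequence, as it
# might arrive in a request parameter.
SAMPLE_ID = "42\e[31mFAKE\e[0m"

# Log a constructed lookup message (not Active Record's actual log line)
# through the given formatter and return what was written.
def log_lookup(id, formatter)
  io = StringIO.new
  logger = Logger.new(io)
  logger.formatter = formatter
  logger.debug("lookup id=#{id}")
  io.string
end

if __FILE__ == $PROGRAM_NAME
  # inspect keeps the demo itself from writing raw escapes to the terminal.
  puts log_lookup(SAMPLE_ID, Logger::Formatter.new).inspect
  puts log_lookup(SAMPLE_ID, EscapingFormatter.new).inspect
end
```

In a Rails application this formatter would also escape the colour codes Rails adds to its own log lines, so pair it with config.colorize_logging = false.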

Other sources

This vulnerability has been assigned the CVE identifier CVE-2025-55193.

Impact

The ID passed to find or similar methods may be logged without escaping. If this is logged directly to the terminal, it may include unescaped ANSI sequences.

Releases

The fixed releases are available at the normal locations.

Credits

Thanks to lio346 from Unit 515 of OPSWAT for reporting this vulnerability.

GitHub

Affected Software

5 affected components. Fixes available.

Active Record: <7.1.5.2, <7.2.2.2, <8.0.2.1
rubygems/activerecord: >=0, <7.1.5.2 (fix: 7.1.5.2)
rubygems/activerecord: >=7.2, <7.2.2.2 (fix: 7.2.2.2)
rubygems/activerecord: >=8.0, <8.0.2.1 (fix: 8.0.2.1)
IBM Aspera Faspex 5: <=5.0.0 - 5.0.13.1

Event History

Aug 13, 2025
Advisory Published via GitHub, 10:32 PM
Data Sourced via GitHub, 10:32 PM (Description, Weakness, Affected Software)
CVE Published via MITRE, 10:41 PM
Data Sourced via MITRE, 10:41 PM (Description, Weakness)
Data Sourced via NVD, 11:15 PM (Description, Severity, Weakness)

Oct 8, 2025
Data Sourced via IBM, 12:00 AM (Description, Affected Software)


Frequently Asked Questions

1. What is the severity of CVE-2025-55193?

CVE-2025-55193 is classified as a medium severity vulnerability due to potential information exposure through unescaped ANSI sequences.

2. How do I fix CVE-2025-55193?

To fix CVE-2025-55193, upgrade Active Record to version 7.1.5.2, 7.2.2.2, or 8.0.2.1 or later.

3. What versions of Active Record are affected by CVE-2025-55193?

CVE-2025-55193 affects Active Record versions prior to 7.1.5.2, 7.2.2.2, and 8.0.2.1.

4. What is the nature of the vulnerability in CVE-2025-55193?

CVE-2025-55193 involves logging IDs without escaping them, potentially leading to the exposure of unescaped ANSI sequences.

5. Can CVE-2025-55193 lead to data leakage?

Yes, CVE-2025-55193 can lead to data leakage as it may log sensitive information in an unescaped format.
