CVE-2025-24293

🗓️ 30 Jan 2026 20:11:15Reported by hackeroneType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 77 Views

CVE-2025-24293: Active Storage unsafe image transformations enable command injection from untrusted input; upgrade.

Reporter	Title	Published	Views	Family All 34
ATTACKERKB	CVE-2025-24293	30 Jan 202620:11	–	attackerkb
Chainguard	CVE-2025-24293 vulnerabilities	2 Feb 202613:17	–	cgr
Circl	CVE-2025-24293	29 Oct 202513:31	–	circl
CNNVD	Active Storage security vulnerability	30 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-24293	30 Jan 202620:11	–	cvelist
Debian	[SECURITY] [DLA 4416-1] rails security update	26 Dec 202516:16	–	debian
Debian	[SECURITY] [DSA 6090-1] rails security update	21 Dec 202515:51	–	debian
Debian CVE	CVE-2025-24293	30 Jan 202620:11	–	debiancve
Tenable Nessus	Debian dla-4416 : rails - security update	26 Dec 202500:00	–	nessus
Tenable Nessus	Debian dsa-6090 : rails - security update	21 Dec 202500:00	–	nessus

Vulners

Node

rails activestorageRange≤7.0.2.1

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Rails",
    "product": "activestorage",
    "versions": [
      {
        "version": "5.2",
        "status": "affected",
        "lessThan": "5.*",
        "versionType": "semver"
      },
      {
        "version": "7.0",
        "status": "affected",
        "lessThan": "7.1.5.2",
        "versionType": "semver"
      },
      {
        "version": "8.0",
        "status": "affected",
        "lessThan": "7.0.2.1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/advisories/GHSA-r4mg-4433-c7g3

17 Jun 2026 08:58Current

6.2Medium risk

Vulners AI Score6.2

CVSS 49.2

EPSS0.02078

SSVC