GHSA-R4MG-4433-C7G3 Active Storage allowed transformation methods that were potentially unsafe

🗓️ 14 Aug 2025 00:06:00Reported by GoogleType

osv🔗 osv.dev👁 3 Views

Active Storage CVE-2025-24293: unsafe image transformations via user input; fix in 7.1.5.2, 7.2.2.2, 8.0.2.1; upgrade or enforce strict input validation and ImageMagick policy.

Reporter	Title	Published	Views	Family All 34
ATTACKERKB	CVE-2025-24293	30 Jan 202620:11	–	attackerkb
Chainguard	CVE-2025-24293 vulnerabilities	2 Feb 202613:17	–	cgr
Circl	CVE-2025-24293	29 Oct 202513:31	–	circl
CNNVD	Active Storage security vulnerability	30 Jan 202600:00	–	cnnvd
CVE	CVE-2025-24293	30 Jan 202620:11	–	cve
Cvelist	CVE-2025-24293	30 Jan 202620:11	–	cvelist
Debian	[SECURITY] [DLA 4416-1] rails security update	26 Dec 202516:16	–	debian
Debian	[SECURITY] [DSA 6090-1] rails security update	21 Dec 202515:51	–	debian
Debian CVE	CVE-2025-24293	30 Jan 202620:11	–	debiancve
Tenable Nessus	Debian dla-4416 : rails - security update	26 Dec 202500:00	–	nessus

Source	Link
github	www.github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-24293
github	www.github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354
github	www.github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce
github	www.github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13
github	www.github.com/advisories/GHSA-r4mg-4433-c7g3
github	www.github.com/rails/rails
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml

31 Jan 2026 03:54Current

7.4High risk

Vulners AI Score7.4

CVSS 49.2

EPSS0.00178

active storage;unsafe image transformations;user input risk;vulnerability 2025-24293;image processing;mini magick risk;strict input validation;imagemagick policy;fixed versions 7.1.5.2;fixed versions 7.2.2.2;fixed versions 8.0.2.1