Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix the issue. Some other mitigations are available. One may use middleware to enforce a maximum query string size or parameter count, or employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies. Limiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8319 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01586-2 advisory.

    - CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser     (bsc#1242894).
    - CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the     Rack::Session::Pool       middleware is being used (bsc#1242899).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8256 advisory.

    [0.11.9-2.el9_6.1]
    - rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8323 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    * tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8322 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2856 advisory.

    Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14,     `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data     structures without imposing any limit on the number of parameters, allowing attackers to send requests     with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates     over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total     number of parameters. This allows an attacker to send a single request containing hundreds of thousands     (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger     denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin     CPU resources, stalling or crashing the Rack server. This results in full service disruption until the     affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix the issue. Some other mitigations     are available. One may use middleware to enforce a maximum query string size or parameter count, or employ     a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.
    Limiting request body sizes and query string lengths at the web server or CDN level is an effective     mitigation. (CVE-2025-46727)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-8254 advisory.

    - Fixed CVE-2024-52804 by patching bundled Tornado       Resolves: RHEL-93167

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8289 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8291 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    * tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8290 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    * tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8288 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8279 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    * tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8254 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    * tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8256 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7604 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser     (CVE-2025-46727)

    Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7605 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)

    Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01586-1 advisory.

    - CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser     (bsc#1242894).
    - CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the     Rack::Session::Pool       middleware is being used (bsc#1242899).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7507-1 advisory.

    It was discovered that Rack incorrectly handled deleted rack sessions. An attacker could possibly use this     issue to expose sensitive information or to gain unauthorized access to user accounts. (CVE-2025-32441)

    It was discovered that Rack incorrectly limited the number of parameters in a web request. An attacker     could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS,     Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-46727)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of the RACK Ruby library installed on the remote host is prior to 2.2.14 / 3.0.16 / 3.1.14 . It is, therefore, affected by a DoS vulnerability where an attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
237857	RHEL 10 : pcs (RHSA-2025:8319)	Nessus	Red Hat Local Security Checks	high
237782	SUSE SLES15 Security Update : rubygem-rack (SUSE-SU-2025:01586-2)	Nessus	SuSE Local Security Checks	medium
237581	Oracle Linux 9 : pcs (ELSA-2025-8256)	Nessus	Oracle Linux Local Security Checks	high
237488	RHEL 8 : pcs (RHSA-2025:8323)	Nessus	Red Hat Local Security Checks	high
237487	RHEL 7 : pcs (RHSA-2025:8322)	Nessus	Red Hat Local Security Checks	high
237472	Amazon Linux 2 : pcs (ALAS-2025-2856)	Nessus	Amazon Linux Local Security Checks	high
237460	Oracle Linux 8 : pcs (ELSA-2025-8254)	Nessus	Oracle Linux Local Security Checks	high
237458	RHEL 9 : pcs (RHSA-2025:8289)	Nessus	Red Hat Local Security Checks	high
237456	RHEL 9 : pcs (RHSA-2025:8291)	Nessus	Red Hat Local Security Checks	high
237453	RHEL 8 : pcs (RHSA-2025:8290)	Nessus	Red Hat Local Security Checks	high
237451	RHEL 9 : pcs (RHSA-2025:8288)	Nessus	Red Hat Local Security Checks	high
237435	RHEL 8 : pcs (RHSA-2025:8279)	Nessus	Red Hat Local Security Checks	high
237410	RHEL 8 : pcs (RHSA-2025:8254)	Nessus	Red Hat Local Security Checks	high
237409	RHEL 9 : pcs (RHSA-2025:8256)	Nessus	Red Hat Local Security Checks	high
237352	RHEL 9 : Satellite 6.17.0.1 Async Update (Important) (RHSA-2025:7604)	Nessus	Red Hat Local Security Checks	high
237349	RHEL 8 / 9 : Satellite 6.16.5.1 Async Update (Important) (RHSA-2025:7605)	Nessus	Red Hat Local Security Checks	high
237086	SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:01586-1)	Nessus	SuSE Local Security Checks	medium
236870	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Rack vulnerabilities (USN-7507-1)	Nessus	Ubuntu Local Security Checks	medium
236779	Ruby RACK < 2.2.14 / 3.0.16 / 3.1.14 DoS vulnerability	Nessus	Misc.	high

Detections

Analytics

CVE-2025-46727

high

Tenable Plugins

high

medium

high

high

high

high

high

high

high

high

high

high

high

high

high

high

medium

medium

high