CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability

criticalknown exploitedpublic exploitCVE-2019-5418
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents.

CSIRTS triage

What
Rails Ruby on Rails contains a path traversal vulnerability in Action View that can disclose arbitrary file contents.
Who is affected
Deployments of Ruby on Rails that utilize the affected Action View component are vulnerable.
Urgency
This is a critical vulnerability with confirmed exploitation, requiring immediate attention.
Action
Update Ruby on Rails to the latest version to mitigate this vulnerability.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Ruby on Rails

Get an email when a new Ruby on Rails advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Known Exploited Vulnerabilities (US · database · site)
Severity
critical
Published
2025-07-07
Exploitation
Observed in the wild (CISA KEV)

Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-5418

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2019-5418coverage & exploitation statusNVD · CVE.org

Recent advisories for Rails Ruby on

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from CISA Known Exploited Vulnerabilities