CVE-2025-0306

Summary

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

Affected Software

VendorProductVersion RangeStatus
0 < *affected

Weaknesses

  • CWE-385: Covert Timing Channel

Workarounds

See the following possible mitigations for this flaw:

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References