CVE-2025-27590 Information

Description

In oxidized-web (aka Oxidized Web) before 0.15.0 the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

Reference

https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e https://github.com/ytti/oxidized-web/releases/tag/0.15.0