CVE-2025-0306: Ruby: openssl: ruby marvin attack

Description

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

Classification

CVE ID: CVE-2025-0306

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.76% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-07 (date this score was calculated)

References

https://access.redhat.com/security/cve/CVE-2025-0306
https://bugzilla.redhat.com/show_bug.cgi?id=2336100

Timeline