wid-sec-w-2026-0881 · Published 2026-03-25 · View on BSI CERT-Bund ↗

IBM License Metric Tool: Multiple Vulnerabilities

CVSS 7.5 HIGH

Risk Summary

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

CVEs (4)

CVE-2025-68161 CVE-2026-22860 CVE-2026-25500 CVE-2026-25639

Affected Vendors

Debian IBM

Affected Products (2)

IBM · License Metric Tool <9.2.43

IBM · License Metric Tool 9.2.43

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more