
CVE-2025-27610: Local file inclusion


After collecting a fair number of CVEs, I realized that having a CVE isn’t really that big of a deal—unless it’s a major one (or comes with a juicy bug bounty 😏). So I figured, why not challenge myself with a CVE that’s not from a giant like Microsoft or Google, but still big enough to push my limits a bit? That’s when I started hunting for a target with a few friends, just for fun. Then I thought—why not go for something a little off the beaten path?

That’s how I ended up looking into languages I hadn’t really touched much before, like Ruby, Rust, and Go. After some digging, I stumbled upon Rack—a Ruby interface that connects web servers with Ruby web applications.

Detailed Analysis

The full technical breakdown of this CVE has already been published on the company’s official blog: OPSWAT Blog - Security Analysis of Rack Ruby Framework CVEs. So in this post, I just want to share the journey of how I found the bug.

Why did I choose Rack?

Partly to challenge myself, and partly for the reasons I mentioned earlier (yes, the money too 😅). Like any other researcher, I started by learning about the thing I wanted to audit. I dug into the docs and source code to understand what Rack actually does. Since it’s written in Ruby, reading and bug hunting were a bit tougher than usual (I’m more used to Python and JavaScript, lol).

After spending some time on it, I eventually found a bug. I submitted it right away and ended up getting a bounty for it. That gave me a nice boost of motivation to keep going and aim for even bigger bugs next time. 😎

My bug in News