
CVE-2025-30089: gurk (aka gurk-rs) mishandles ANSI escape sequences

CVSS Score: 5.4 (CVSS 3.1)

Basic Information

EPSS Score: 0.23068%
Published: 3/17/2025
Updated: 3/17/2025
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

Package Name: gurk
Ecosystem: rust
Vulnerable Versions: <= 0.6.3
First Patched Version: (none listed)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper neutralization of ANSI escape sequences in user-controlled input. Based on standard Rust application structure and the described attack vector (message rendering), the most likely vulnerable components are: 1) The message handling function that receives untrusted input, and 2) The terminal output rendering component that displays content. These would be common locations where raw message data interacts with terminal interfaces without proper sanitization. Confidence is medium due to lack of direct code access, but grounded in the described vulnerability pattern and Rust crate architecture.
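One way to neutralize ANSI escape sequences in untrusted message text before it reaches a terminal renderer, shown as an added example; this is not gurk's code or its fix, and the function names and the sample message are constructed for illustration.

```rust
use std::{iter::Peekable, str::Chars};

/// Added example (hypothetical helper, not gurk's code): strip ECMA-48 escape
/// sequences; other control chars (except '\n', '\t') become U+FFFD.
pub fn neutralize_ansi(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    let mut chars = input.chars().peekable();
    while let Some(c) = chars.next() {
        match c {
            '\x1b' => match chars.peek().copied() {
                Some('[') => { chars.next(); skip_csi(&mut chars); }
                // OSC, DCS, SOS, PM, APC: payload runs to BEL or ST
                Some(']' | 'P' | 'X' | '^' | '_') => { chars.next(); skip_string(&mut chars); }
                // Other escapes: intermediates 0x20-0x2F, then one final byte
                Some(_) => {
                    while chars.next_if(|c| ('\x20'..='\x2f').contains(c)).is_some() {}
                    let _ = chars.next_if(|c| ('\x30'..='\x7e').contains(c));
                }
                None => {}
            },
            '\u{9b}' => skip_csi(&mut chars), // 8-bit CSI
            '\n' | '\t' => out.push(c),
            c if c.is_control() => out.push('\u{fffd}'),
            c => out.push(c),
        }
    }
    out
}

/// CSI body: parameter/intermediate bytes 0x20-0x3F, then a final byte 0x40-0x7E.
fn skip_csi(chars: &mut Peekable<Chars<'_>>) {
    while chars.next_if(|c| ('\x20'..='\x3f').contains(c)).is_some() {}
    let _ = chars.next_if(|c| ('\x40'..='\x7e').contains(c));
}

/// String payload: consume up to BEL or 8-bit ST; stop before ESC so the
/// main loop handles "ESC \" (7-bit ST) or whatever sequence follows.
fn skip_string(chars: &mut Peekable<Chars<'_>>) {
    while let Some(c) = chars.next_if(|c| *c != '\x1b') {
        if c == '\x07' || c == '\u{9c}' { return; }
    }
}

fn main() {
    // Constructed sample: a message with colour, title-set and clear-screen sequences.
    let msg = "hi \x1b[31mred\x1b[0m \x1b]0;title\x07there\x1b[2J\r";
    println!("{:?}", neutralize_ansi(msg));
}
```

An unterminated string sequence (OSC and similar) swallows the rest of the message, which mirrors how a terminal would treat it and keeps the payload off the screen.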
