

Challenge Release: Ruby on Rails Cross-Site Request Forgery Incident

19/11/2025

In 2025, a critical vulnerability was identified in the Ruby on Rails Cross-Site Request Forgery (CSRF) protection mechanism. It affects all versions since the 2022/2023 “fix” and persists in the current implementation. The flaw undermines the framework’s ability to protect applications against CSRF attacks, potentially allowing attackers to forge or replay tokens and execute unauthorized actions on behalf of users.

💡 We made challenges for this vulnerability, taking inspiration from the Ruby on Rails CSRF Flaw Incident, also covered by CyberPress.

Available Now

🚨 Limited time Weekly Incident Game

👉 SecDim Play - Weekly Incident Game

In catalog:


Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.


Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.
