diff --git a/rubies/ruby/CVE-2025-61594.yml b/rubies/ruby/CVE-2025-61594.yml
new file mode 100644
index 0000000000..9ff22ad5d5
--- /dev/null
+++ b/rubies/ruby/CVE-2025-61594.yml
@@ -0,0 +1,21 @@
+---
+engine: ruby
+cve: 2025-61594
+url: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/
+title: URI Credential Leakage Bypass
+date: 2025-10-07
+description: |
+ A vulnerability in the URI library bundled with Ruby allows sensitive user credentials
+ (such as usernames or passwords) in a URI to be unintentionally leaked when combining
+ URIs using the `+` operator. This issue bypasses the previous fix for CVE-2025-27221.
+
+ The issue affects Ruby's built-in URI implementation prior to Ruby 3.3.10 and 3.4.7.
+patched_versions:
+ - "~> 3.3.10"
+ - ">= 3.4.7"
+related:
+ url:
+ - https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-61594.yml
+ - https://www.cve.org/CVERecord?id=CVE-2025-61594
+ - https://www.ruby-lang.org/en/news/2025/10/23/ruby-3-3-10-released/
+ - https://www.ruby-lang.org/en/news/2025/10/07/ruby-3-4-7-released/
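Review bot: `patched_versions` covers only the 3.3 and 3.4 lines, so a scanner consuming this entry will flag every Ruby 3.2.x (and older) as unpatched; if no 3.2 release carries the fix that is the right outcome, but the entry gives a reader no way to tell an intentional omission from a missing range. A one-line comment above the list would settle it, e.g. `# Older series intentionally absent: no fixed release listed in the advisory — confirm`. The description already notes that this is a bypass of the earlier CVE-2025-27221 fix; since the related link points at the `uri` gem advisory, it may also be worth a comment that the bundled `uri` default gem can be updated independently of the interpreter, so version checks against the Ruby release alone can under- or over-report exposure (hedged: I cannot see the gem-level ranges from this hunk).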