REXML has a DoS condition when parsing malformed XML file

1.2 / 10

LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

Description

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

Basic Information

ID CVE-2025-58767

Source GitHub_M

Published Sep 17, 2025 at 17:45

Modified Sep 17, 2025 at 17:54

Affected Product

Vendor ruby

Product rexml

Version >= 3.3.3, < 3.4.2

Affected Versions ruby rexml >= 3.3.3, < 3.4.2

CWE Classification

CWE-400

References

{
    "lastseen": "",
    "description": "REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.",
    "published": "2025-09-17T17:45:58.118Z",
    "modified": "2025-09-17T17:54:00.334Z",
    "type": "cve",
    "title": "REXML has a DoS condition when parsing malformed XML file",
    "source": "GitHub_M",
    "references": "https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5\nhttps://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23",
    "id": "CVE-2025-58767",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "ruby rexml >= 3.3.3, < 3.4.2",
    "sourceHref": "",
    "cvss": {
        "score": 1.2,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "rexml",
    "version": ">= 3.3.3, < 3.4.2",
    "vendor": "ruby",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

REXML has a DoS condition when parsing malformed XML file_CVE-2025-58767