CVE-2025-58767
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-30
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruby-lang | rexml | From 3.3.3 (inc) to 3.4.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Denial of Service (DoS) issue in the REXML XML toolkit for Ruby. It occurs when parsing XML documents that contain multiple XML declarations. Versions of the REXML gem from 3.3.3 to 3.4.1 are affected. The vulnerability can be triggered by processing untrusted XML input, potentially causing the application to become unresponsive or crash. The issue is fixed in version 3.4.2 and later.
How can this vulnerability impact me?
If you parse untrusted XML data using affected versions of the REXML gem (3.3.3 to 3.4.1), an attacker could exploit this vulnerability to cause a Denial of Service, making your application or service unavailable or unstable. This could disrupt normal operations and affect availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the REXML gem to version 3.4.2 or later, which includes the patches fixing the DoS vulnerability when parsing XML containing multiple XML declarations. Avoid parsing untrusted XML with vulnerable versions until the update is applied.
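As an added example (not part of this advisory or of the REXML project), the affected range stated above expressed as a Ruby guard that refuses to parse untrusted XML while an affected REXML is installed; `rexml_affected?`, `installed_rexml_version` and `parse_untrusted_xml` are helper names chosen here, not REXML API.

```ruby
require "rubygems"

# Affected range from the advisory: 3.3.3 (inclusive) up to 3.4.2 (exclusive).
REXML_AFFECTED = Gem::Requirement.new(">= 3.3.3", "< 3.4.2")

# True when the given REXML version string falls inside the affected range.
def rexml_affected?(version_string)
  REXML_AFFECTED.satisfied_by?(Gem::Version.new(version_string))
end

# Version of the REXML that this Ruby would load, or nil if it is not installed.
# rexml/rexml defines REXML::VERSION without pulling in the parser.
def installed_rexml_version
  require "rexml/rexml"
  REXML::VERSION
rescue LoadError
  nil
end

# Guard to call instead of REXML::Document.new on untrusted input (hypothetical
# helper): raises unless the loaded REXML is outside the affected range.
def parse_untrusted_xml(xml, version: installed_rexml_version)
  raise "REXML is not installed" if version.nil?
  if rexml_affected?(version)
    raise "REXML #{version} is affected by CVE-2025-58767; " \
          "upgrade to >= 3.4.2 before parsing untrusted XML"
  end
  require "rexml/document"
  REXML::Document.new(xml)
end

if __FILE__ == $PROGRAM_NAME
  v = installed_rexml_version
  puts "REXML #{v.inspect}: #{rexml_affected?(v.to_s) ? 'AFFECTED' : 'not affected'}"
end
```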