CVE-2025-58767
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-09-30

Assigner: GitHub, Inc.

Description
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-09-30
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58767
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ruby-lang rexml From 3.3.3 (inc) to 3.4.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Denial of Service (DoS) issue in the REXML XML toolkit for Ruby. It occurs when parsing XML documents that contain multiple XML declarations. Versions of the REXML gem from 3.3.3 to 3.4.1 are affected. The vulnerability can be triggered by processing untrusted XML input, potentially causing the application to become unresponsive or crash. The issue is fixed in version 3.4.2 and later.

Impact Analysis

If you parse untrusted XML data using affected versions of the REXML gem (3.3.3 to 3.4.1), an attacker could exploit this vulnerability to cause a Denial of Service, making your application or service unavailable or unstable. This could disrupt normal operations and affect availability.

Mitigation Strategies

To mitigate this vulnerability, update the REXML gem to version 3.4.2 or later, which includes the patches fixing the DoS vulnerability when parsing XML containing multiple XML declarations. Avoid parsing untrusted XMLs with vulnerable versions until the update is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58767. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart