CVE-2025-27220
Published: 2025-03-04
Priority: P3 · 37 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.70% (48.6th percentile)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby2.7 | < ruby2.7 2.7.4-1+deb11u5 (bullseye) | ruby2.7 2.7.4-1+deb11u5 (bullseye) |
| debian | ruby3.1 | < ruby2.7 2.7.4-1+deb11u5 (bullseye) | ruby2.7 2.7.4-1+deb11u5 (bullseye) |
| debian | ruby3.3 | < ruby2.7 2.7.4-1+deb11u5 (bullseye) | ruby2.7 2.7.4-1+deb11u5 (bullseye) |
| msrc | azl3_ruby_3.3.5-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_ruby_3.1.4-9_on_cbl_mariner_2.0 | — | — |
| ruby-lang | cgi | < 0.3.5.1 | 0.3.5.1 |
| ruby-lang | cgi | — | — |
| ruby-lang | cgi | >= 0 < 0.3.5.1 | 0.3.5.1 |
| ruby-lang | cgi | >= 0.3.6 < 0.3.7 | 0.3.7 |
| ruby-lang | cgi | >= 0.3.6 < 0.3.7 | 0.3.7 |
| ruby-lang | cgi | >= 0.4.0 < 0.4.2 | 0.4.2 |
| ruby-lang | cgi | >= 0.4.0 < 0.4.2 | 0.4.2 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 4.0 | MEDIUM | — |
| vendor_msrc | — | 4.0 | MEDIUM | — |
| vendor_redhat | — | 4.0 | MEDIUM | — |
OSV: CVE-2025-27219 [MEDIUM] ruby2.3, ruby2.5 vulnerabilities (osv · 2025-04-17 · CVSS 6.6)
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
cookies. A remote attacker could possibly use this issue to consume
resources, leading to a denial of service. (CVE-2025-27219)
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
regular expressions. A remote attacker could possibly use this issue to
consume resources, leading to a denial of service. (CVE-2025-27220)
It was discovered that the Ruby URI gem incorrectly handled certain URI
handling methods. A remote attacker could possibly use this issue to leak
authentication credentials. (CVE-2025-27221)
It was discovered that the Ruby REXML gem incorrectly handled parsing XML
documents containing many digits in a hex numeric character reference. A
remot
OSV: CVE-2024-35176 [MEDIUM] ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities (osv · 2025-04-07 · CVSS 5.3)
It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, and Ubuntu 24.10. (CVE-2024-35176, CVE-2024-39908,
CVE-2024-41123, CVE-2024-43398)
It was discovered that Ruby incorrectly handled expanding ranges in the
net-imap response parser. If a user or automated system were tricked into
connecting to a malicious IMAP server, a remote attacker could possibly use
this issue to consume memory, leading to a denial of service. This issue
only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-25186)
OSV: CVE-2025-27220 [HIGH] (osv · 2025-03-04 · CVSS 7.5)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
GHSA: CVE-2025-27220 [HIGH] CWE-1333 CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement (ghsa · 2025-03-03 · CVSS 7.5)
There is a possibility of Regular expression Denial of Service (ReDoS) in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem.
## Details
The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption.
This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later.
## Affected versions
cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1.
## Credits
Thanks to svalkanov for discovering this issue.
Also thanks to nobu for fixing this vulnerability.
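Because the fix was shipped on three separate release lines, a flat "version < 0.4.2" check misjudges the patched 0.3.5.1 and 0.3.7 releases. The following Ruby check is an added example (not code from the cgi gem or from the advisory) that encodes the affected ranges and fix releases exactly as listed above, scopes the verdict to the Ruby 3.1/3.2 interpreters the advisory names, and looks up the cgi gem registered with RubyGems in the running interpreter; the helper names are this example's own.

```ruby
# Added example, not from the cgi gem or the advisory: classify a cgi gem version
# against the per-branch fix releases the advisory lists for CVE-2025-27220
# (<= 0.3.5 -> 0.3.5.1, 0.3.6 -> 0.3.7, 0.4.0/0.4.1 -> 0.4.2).
require "rubygems"

CGI_REDOS_BRANCHES = [
  { affected: Gem::Requirement.new("< 0.3.5.1"),           fixed: "0.3.5.1" },
  { affected: Gem::Requirement.new(">= 0.3.6", "< 0.3.7"), fixed: "0.3.7"   },
  { affected: Gem::Requirement.new(">= 0.4.0", "< 0.4.2"), fixed: "0.4.2"   },
].freeze

# Returns { status: :vulnerable, fixed_in: "x.y.z" } when the version falls in an
# affected range, otherwise { status: :fixed }.
def cgi_redos_status(version_string)
  version = Gem::Version.new(version_string)
  branch = CGI_REDOS_BRANCHES.find { |b| b[:affected].satisfied_by?(version) }
  return { status: :fixed } unless branch
  { status: :vulnerable, fixed_in: branch[:fixed] }
end

# The advisory scopes the issue to Ruby 3.1 and 3.2; other interpreters are out of scope.
def ruby_in_scope?(ruby_version)
  Gem::Requirement.new(">= 3.1", "< 3.3").satisfied_by?(Gem::Version.new(ruby_version))
end

# Combined verdict for one (ruby, cgi) pair, e.g. taken from `ruby -v` and `gem list cgi`.
def cve_2025_27220_verdict(ruby_version, cgi_version)
  return { status: :out_of_scope } unless ruby_in_scope?(ruby_version)
  cgi_redos_status(cgi_version)
end

# Verdict for the cgi gem registered with RubyGems in this interpreter (default gems
# included); older Rubies without a cgi gemspec report :cgi_gem_not_found.
def installed_verdict
  spec = Gem::Specification.find_by_name("cgi")
  cve_2025_27220_verdict(RUBY_VERSION, spec.version.to_s)
rescue Gem::LoadError
  { status: :cgi_gem_not_found }
end

if __FILE__ == $PROGRAM_NAME
  %w[0.3.5 0.3.5.1 0.3.6 0.3.7 0.4.1 0.4.2].each do |v|
    puts "ruby 3.2.2 / cgi #{v}: #{cve_2025_27220_verdict('3.2.2', v)}"
  end
  puts "this interpreter (#{RUBY_VERSION}): #{installed_verdict}"
end
```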
OSV: CVE-2025-27220 [HIGH] CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement (osv · 2025-03-03 · CVSS 7.5)
There is a possibility of Regular expression Denial of Service (ReDoS) in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem.
## Details
The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption.
This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later.
## Affected versions
cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1.
## Credits
Thanks to svalkanov for discovering this issue.
Also thanks to nobu for fixing this vulnerability.
Ubuntu: CVE-2025-27220 [HIGH] Ruby vulnerabilities (vendor_ubuntu · 2025-04-17 · CVSS 7.5)
Summary: Several security issues were fixed in Ruby.
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
cookies. A remote attacker could possibly use this issue to consume
resources, leading to a denial of service. (CVE-2025-27219)
It was discovered that the Ruby CGI gem incorrectly handled parsing certain
regular expressions. A remote attacker could possibly use this issue to
consume resources, leading to a denial of service. (CVE-2025-27220)
It was discovered that the Ruby URI gem incorrectly handled certain URI
handling methods. A remote attacker could possibly use this issue to leak
authentication credentials. (CVE-2025-27221)
It was discovered that the Ruby REXML gem incorrectly handled parsing XML
documents containing many dig
Ubuntu: CVE-2024-35176 [MEDIUM] Ruby vulnerabilities (vendor_ubuntu · 2025-04-07 · CVSS 5.3)
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, and Ubuntu 24.10. (CVE-2024-35176, CVE-2024-39908,
CVE-2024-41123, CVE-2024-43398)
It was discovered that Ruby incorrectly handled expanding ranges in the
net-imap response parser. If a user or automated system were tricked into
connecting to a malicious IMAP server, a remote attacker could possibly use
this issue to consume memory, leading to a denial of service. This issue
only affected Ubuntu 24.04 LTS, and
Microsoft: CVE-2025-27220 [MEDIUM] CWE-1333 (vendor_msrc · 2025-03-11 · CVSS 4.0)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Red Hat: CVE-2025-27220 [MEDIUM] CWE-1333 CGI: ReDoS in CGI::Util#escapeElement (vendor_redhat · 2025-03-03 · CVSS 4.0)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
A flaw was found in Ruby's CGI gem. The CGI::Util#escapeElement method is vulnerable to Regular expression Denial of Service (ReDoS), allowing a specially crafted input to cause a high CPU consumption.
Statement: This issue will cause an excessive resource consumption, potentially resulting in a degraded application performance. However, an attacker does have the ability to completely deny service to legitimate users. As such, Red Hat has rated the CVSS Availability as LOW instead of HIGH.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Pr
Debian: CVE-2025-27220 [MEDIUM] ruby2.7 (vendor_debian · 2025 · CVSS 4.0)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
Scope: local
bullseye: resolved (fixed in 2.7.4-1+deb11u5)
No detection rules found.
No public exploits indexed.
Published: 2025-03-04