CVE-2025-58767 — Uncontrolled Resource Consumption in Rexml

CWE-400 — Uncontrolled Resource Consumption CWE-776 — XML Entity Expansion8 documents7 sources

Severity

1.2LOWNVD

EPSS

0.0%

top 94.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ruby-lang Rexml Ruby Rexml

Timeline

PublishedSep 17

Description

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDruby-lang/rexml3.3.3 — 3.4.2

▶CVEListV5ruby/rexml>= 3.3.3, < 3.4.2

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

REXML has DoS condition when parsing malformed XML file↗2025-09-17

▶

GHSA

REXML has DoS condition when parsing malformed XML file↗2025-09-17

▶

CVEList

REXML has a DoS condition when parsing malformed XML file↗2025-09-17

▶

OSV

CVE-2025-58767: REXML is an XML toolkit for Ruby↗2025-09-17

▶

📋Vendor Advisories

Red Hat

rexml: REXML denial of service↗2025-09-17

▶

Microsoft

REXML has a DoS condition when parsing malformed XML file↗2025-09-09

▶

Debian

CVE-2025-58767: ruby2.7 - REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS v...↗2025

▶