CVE-2025-58767
published 2025-09-17
CVE-2025-58767: REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need…
Priority P427 · medium 5.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS 0.23% (13.9th percentile)
REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be affected. REXML 3.4.2 or later includes the fix.
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby2.7 | — | — |
| debian | ruby3.1 | — | — |
| debian | ruby3.3 | — | — |
| msrc | azl3_ruby_3.3.5-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_ruby_3.3.5-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_ruby_3.3.5-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_rubygem-rexml_3.3.9-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_rubygem-rexml_3.3.9-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_ruby_3.1.7-3_on_cbl_mariner_2.0 | — | — |
| ruby-lang | rexml | >= 3.3.3 < 3.4.2 | 3.4.2 |
| ruby | rexml | — | — |
| ruby | rexml | >= 3.3.3 < 3.4.2 | 3.4.2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v4.0 | 1.2 | LOW | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 1.2 | LOW | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_debian | — | 1.2 | LOW | — |
| vendor_redhat | — | 1.2 | LOW | — |
OSV
REXML has DoS condition when parsing malformed XML file
osv·2025-09-17
CVE-2025-58767 [LOW] REXML has DoS condition when parsing malformed XML file
### Impact
REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations.
If you need to parse untrusted XML, you may be affected.
### Patches
REXML 3.4.2 or later includes the fix.
### Workarounds
Don't parse untrusted XML.
### References
* https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/ : An announcement on www.ruby-lang.org
GHSA
REXML has DoS condition when parsing malformed XML file
ghsa·2025-09-17
CVE-2025-58767 [LOW] CWE-400 REXML has DoS condition when parsing malformed XML file
### Impact
REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations.
If you need to parse untrusted XML, you may be affected.
### Patches
REXML 3.4.2 or later includes the fix.
### Workarounds
Don't parse untrusted XML.
### References
* https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/ : An announcement on www.ruby-lang.org
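The OSV and GHSA advisories above give the affected range (3.3.3 through 3.4.1, fixed in 3.4.2) and "don't parse untrusted XML" as the workaround. The following is an added example, not code from the REXML project or from any advisory on this page. It checks a REXML version against the affected range, reads a pinned rexml version out of Gemfile.lock text, and applies a conservative pre-parse check for the input shape the advisory names (more than one XML declaration) before handing untrusted input to REXML, refusing outright when the REXML in use is still in the affected range. The byte budget, the helper names, the sample lockfile and the XML strings are assumptions constructed for the demo; the two-declaration sample only exercises the guard and is not a reproduction of the DoS.

```ruby
# Added example; not REXML project code and not from any advisory on this page.
# Assumed: affected range is exactly >= 3.3.3, < 3.4.2 (per the advisory); the
# byte budget is illustrative; the lockfile and XML samples are constructed.
require "rubygems" # Gem::Version (loaded by default in normal Ruby runs)

FIRST_AFFECTED_REXML = Gem::Version.new("3.3.3")
FIXED_REXML          = Gem::Version.new("3.4.2")

# True when a REXML version string falls inside the CVE-2025-58767 range.
def rexml_affected?(version_string)
  v = Gem::Version.new(version_string)
  v >= FIRST_AFFECTED_REXML && v < FIXED_REXML
end

# Pinned rexml version from Gemfile.lock text, or nil when rexml is not a
# top-level spec there. In Gemfile.lock, specs sit at 4 spaces of indent and
# their dependencies at 6, so "      rexml (>= 3.3.9)" is deliberately skipped.
# rexml also ships as a bundled gem with Ruby, so nil does not mean "absent";
# REXML::VERSION at runtime is authoritative.
def rexml_version_from_lockfile(lock_text)
  m = lock_text.match(/^ {4}rexml \((\d+(?:\.\d+)*)\)\s*$/)
  m && m[1]
end

# Constructed sample lockfile (hypothetical gem name).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-app-gem (1.0.0)
        rexml (>= 3.3.9)
      rexml (3.4.1)
LOCK

# A well-formed document has at most one XML declaration, at the very start.
# "<?xml" followed by whitespace is counted so that ordinary processing
# instructions such as <?xml-stylesheet ...?> are not mistaken for one. The
# count also catches "<?xml " inside comments or CDATA, so it can reject a
# benign document; for untrusted input that is the safer failure direction.
XML_DECLARATION = /<\?xml\s/

def xml_declaration_count(xml)
  xml.scan(XML_DECLARATION).size
end

class UnsafeXmlInput < StandardError; end

MAX_UNTRUSTED_XML_BYTES = 1_000_000 # illustrative; size it for your application

# Parse untrusted XML with REXML only after the guards pass. The input checks
# run first and do not need REXML loaded; the version gate then refuses to hand
# untrusted input to an affected REXML at all (the advisory's own workaround).
def parse_untrusted_xml(xml, max_bytes: MAX_UNTRUSTED_XML_BYTES)
  if xml.bytesize > max_bytes
    raise UnsafeXmlInput, "input is #{xml.bytesize} bytes, limit #{max_bytes}"
  end
  n = xml_declaration_count(xml)
  raise UnsafeXmlInput, "#{n} XML declarations found, at most 1 allowed" if n > 1
  require "rexml/document"
  if rexml_affected?(REXML::VERSION)
    raise UnsafeXmlInput,
          "REXML #{REXML::VERSION} is in the CVE-2025-58767 range; upgrade to 3.4.2 or later"
  end
  REXML::Document.new(xml)
end

# Constructed samples: one ordinary document, one with two declarations.
ONE_DECLARATION  = %(<?xml version="1.0"?><note><to>ops</to></note>)
TWO_DECLARATIONS = %(<?xml version="1.0"?><?xml version="1.0"?><note/>)

if __FILE__ == $PROGRAM_NAME
  puts "Gemfile.lock pins rexml #{rexml_version_from_lockfile(SAMPLE_LOCK).inspect}"
  puts "3.4.1 affected? #{rexml_affected?('3.4.1')}, 3.4.2 affected? #{rexml_affected?('3.4.2')}"
  [ONE_DECLARATION, TWO_DECLARATIONS].each do |xml|
    begin
      doc = parse_untrusted_xml(xml)
      puts "parsed root <#{doc.root.name}> with REXML #{REXML::VERSION}"
    rescue UnsafeXmlInput => e
      puts "rejected: #{e.message}"
    end
  end
end
```

The only complete fix is REXML 3.4.2 or later; the declaration count is a stopgap, and a document with `<?xml ` inside a comment or CDATA section will also be rejected by it. Because rexml is a bundled gem in Ruby, a Gemfile.lock without a rexml line still leaves the interpreter's own copy in play, which is why the runtime check reads REXML::VERSION rather than trusting the lockfile alone.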
OSV
CVE-2025-58767: REXML is an XML toolkit for Ruby
osv·2025-09-17·CVSS 1.2
CVE-2025-58767 [LOW] CVE-2025-58767: REXML is an XML toolkit for Ruby
REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be affected. REXML 3.4.2 or later includes the fix.
Red Hat
rexml: REXML denial of service
vendor_redhat·2025-09-17·CVSS 1.2
CVE-2025-58767 [LOW] CWE-776 rexml: REXML denial of service
REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be affected. REXML 3.4.2 or later includes the fix.
A denial of service flaw has been discovered in the rubygem REXML. Certain input can cause excessive CPU usage, and given sufficiently large input this can affect program performance.
Statement: Red Hat Product Security team has rated this vulnerability as having the 'Moderate' severity, with the final CVSSv3.1 score of 5.3 as the final impact in availability is restricted to the application consuming the REXML package and not the whole system.
Microsoft
REXML has a DoS condition when parsing malformed XML file
vendor_msrc·2025-09-09·CVSS 7.5
CVE-2025-58767 [LOW] CWE-400 REXML has a DoS condition when parsing malformed XML file
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Tags: Mariner, GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https
Debian
CVE-2025-58767: ruby2.7 - REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS v...
vendor_debian·2025·CVSS 1.2
CVE-2025-58767 [LOW] CVE-2025-58767: ruby2.7 - REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS v...
REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be affected. REXML 3.4.2 or later includes the fix.
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
Published 2025-09-17