CVE-2025-27788 HIGH

CVE-2025-27788: Ruby JSON Parser has Out-of-bounds Read

Vendor Ruby
Product json
Weakness CWE-125
Published March 12, 2025
Last update March 12, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.
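
Because the affected range is narrow and there is no workaround, the practical check is whether a project resolves `json` to 2.10.0 or 2.10.1. The following is an added example, not part of the advisory or of the json project: it scans `Gemfile.lock` text for the locked `json` version and flags it if it falls in the affected range. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# Affected range taken from the advisory text: >= 2.10.0 and < 2.10.2.
FIRST_AFFECTED = Gem::Version.new("2.10.0")
FIRST_FIXED    = Gem::Version.new("2.10.2")

# True when the given version string lies inside the affected range.
def affected_json_version?(version)
  v = Gem::Version.new(version)
  v >= FIRST_AFFECTED && v < FIRST_FIXED
end

# Extract resolved json versions from Gemfile.lock text.
# Resolved specs are indented by exactly four spaces; dependency
# constraints (six spaces, e.g. "json (>= 2.0)") are ignored.
# A platform suffix such as "-java" is dropped before comparison.
def locked_json_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}json \(([0-9][0-9A-Za-z.]*)(?:-[^)]+)?\)\s*\z/)
    m && m[1]
  end.uniq
end

# Return the locked json versions that need upgrading to 2.10.2 or later.
def audit_lockfile(lockfile_text)
  locked_json_versions(lockfile_text).select { |v| affected_json_version?(v) }
end

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_gem (1.0.0)
        json (>= 2.0)
      json (2.10.1)

  DEPENDENCIES
    example_gem
LOCK

hits = audit_lockfile(SAMPLE_LOCKFILE)
if hits.empty?
  puts "json: no affected version locked"
else
  puts "json #{hits.join(', ')} is affected by CVE-2025-27788; upgrade to 2.10.2 or later"
end
```

`json` is also a default gem shipped with Ruby, so a project with no `json` entry in its lockfile uses the version bundled with the interpreter; `JSON::VERSION` reports the version actually loaded.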

Key dates

02 Disclosure timeline

March 12, 2025 CVE published
March 12, 2025 Record updated