CVE-2025-58767 LOW

CVE-2025-58767: REXML has a DoS condition when parsing malformed XML file

Vendor Ruby
Product rexml
Weakness CWE-400
Published September 17, 2025
Last update September 17, 2025

CVSS base score

1.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01 Description

REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be impacted by this vulnerability. REXML gem 3.4.2 and later include the patch that fixes it.
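
To check whether a project resolves to an affected release, the following added example (not part of the advisory or of the REXML project) audits the text of a Gemfile.lock against the version range stated above. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version; loaded by default, required here for clarity

# Affected range as stated in the advisory text (fixed in 3.4.2).
FIRST_AFFECTED = Gem::Version.new("3.3.3")
LAST_AFFECTED  = Gem::Version.new("3.4.1")

# Resolved gems sit at exactly four spaces of indentation in Gemfile.lock.
# Dependency constraints are indented six spaces and must not match.
SPEC_LINE = /^ {4}rexml \(([^)\s]+)\)[ \t\r]*$/

# Hypothetical helper: every resolved rexml version found in the lockfile text.
def rexml_versions(lockfile_text)
  lockfile_text.scan(SPEC_LINE).flatten.uniq.map { |v| Gem::Version.new(v) }
end

# Hypothetical helper: classify the lockfile against the advisory's range.
def audit_rexml(lockfile_text)
  versions = rexml_versions(lockfile_text)
  if versions.empty?
    return { status: :not_present, versions: [], affected: [] }
  end
  affected = versions.select { |v| v >= FIRST_AFFECTED && v <= LAST_AFFECTED }
  { status: affected.empty? ? :not_affected : :affected,
    versions: versions.map(&:to_s),
    affected: affected.map(&:to_s) }
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rexml (3.4.1)
      rss (0.3.1)
        rexml

  PLATFORMS
    ruby
LOCK

if __FILE__ == $PROGRAM_NAME
  result = audit_rexml(SAMPLE_LOCK)
  puts "rexml status: #{result[:status]} (resolved: #{result[:versions].join(', ')})"
end
```

A lockfile that reports :affected should be updated so that rexml resolves to 3.4.2 or later.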

Key dates

02 Disclosure timeline

September 17, 2025 CVE published
September 17, 2025 Record updated