PT-2025-38243 · Rexml+6

Sofiaaberegg · Published 2025-09-17 · Updated 2026-03-26 · CVE-2025-58767

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: REXML versions 3.3.3 through 3.4.1
Description: REXML, an XML toolkit for Ruby, is susceptible to a denial-of-service issue when processing XML data that contains multiple XML declarations. Parsing untrusted XML can trigger it.
Recommendations: Update to REXML version 3.4.2 or later. Avoid parsing untrusted XML.
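As an added example (not code from this page or from the REXML project), the following Ruby guard applies the two recommendations above: it refuses input that carries more than one XML declaration, the condition the advisory names, before REXML ever parses it, and it flags a REXML version inside the affected range 3.3.3 through 3.4.1. The helper names, the size cap and the sample documents are assumptions constructed for this example; the guard is a mitigation in front of the parser, and upgrading to 3.4.2 or later remains the fix.

```ruby
# Added example (not REXML's own API): gate untrusted XML before REXML parses it,
# and flag a REXML version inside the advisory's affected range 3.3.3..3.4.1.

# An XML declaration starts "<?xml" followed by whitespace or "?>".
# The lookahead keeps "<?xml-stylesheet ...?>" from matching.
XML_DECLARATION = /<\?xml(?=[\s?])/i

MAX_XML_BYTES = 1_000_000 # assumed cap for untrusted input; tune to your workload

AFFECTED_FROM = Gem::Version.new("3.3.3") # first affected version per the advisory
FIXED_IN      = Gem::Version.new("3.4.2") # first fixed version per the advisory

class UnsafeXml < StandardError; end

# True when +version+ (a string such as "3.4.1") lies in the affected range.
def rexml_vulnerable?(version)
  v = Gem::Version.new(version)
  v >= AFFECTED_FROM && v < FIXED_IN
end

# Number of XML declarations in the raw text. Deliberately conservative: a
# "<?xml " inside a comment or CDATA section is counted too, which can only
# cause an extra rejection, never a missed one.
def xml_declaration_count(xml)
  xml.scan(XML_DECLARATION).size
end

# Cheap checks that run on the raw bytes before any parser is involved.
# Returns +xml+ unchanged on success, raises UnsafeXml otherwise.
def check_untrusted_xml!(xml)
  if xml.bytesize > MAX_XML_BYTES
    raise UnsafeXml, "input is #{xml.bytesize} bytes, limit #{MAX_XML_BYTES}"
  end
  count = xml_declaration_count(xml)
  raise UnsafeXml, "#{count} XML declarations found, at most 1 allowed" if count > 1
  if count == 1 && xml !~ /\A<\?xml(?=[\s?])/i
    raise UnsafeXml, "XML declaration is not the first thing in the document"
  end
  xml
end

# Parse with REXML only after the guard passes. rexml is loaded lazily so the
# guard itself works without it; the version check reads REXML::VERSION.
def parse_untrusted_xml(xml)
  check_untrusted_xml!(xml)
  require "rexml/document"
  if rexml_vulnerable?(REXML::VERSION)
    warn "REXML #{REXML::VERSION} is in the affected range; update to 3.4.2 or later"
  end
  REXML::Document.new(xml)
end

# Constructed sample inputs (not taken from the advisory).
SAFE_SAMPLE = "<?xml version=\"1.0\"?>\n<root><item id=\"1\"/></root>\n"
# The advisory's trigger condition: several XML declarations in one input.
REPEATED_DECLARATIONS = ("<?xml version=\"1.0\"?>\n" * 3) + "<root/>\n"

if __FILE__ == $PROGRAM_NAME
  puts "safe sample: #{xml_declaration_count(SAFE_SAMPLE)} declaration(s)"
  begin
    check_untrusted_xml!(REPEATED_DECLARATIONS)
  rescue UnsafeXml => e
    puts "rejected: #{e.message}"
  end
end
```

The declaration count is a textual scan, so it costs one pass over the bytes and rejects the advisory's input shape without giving the parser a chance to spend resources on it; the size cap is a generic resource-exhaustion backstop, not something the advisory specifies.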

Exploit · Fix · DoS · XML Entity Expansion · Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2025:23062
ALSA-2025:23063
ALSA-2025:23141
AZL-67611
AZL-67614
CVE-2025-58767
ECHO-7954-8107-56BA
GHSA-C2F4-JGMC-Q2R5
OESA-2025-2655
OPENSUSE-SU-2025:15828-1
RHSA-2025:23140
SUSE-SU-2026:1066-1

Affected Products

Almalinux
Centos
Debian
Rexml
Red Hat
Red Os
Rocky Linux