PT-2025-46138 · Red Hat+1 · Red Hat Satellite 6.16 For Rhel 8+11
Published: 2026-02-27 · Updated: 2026-03-04
CVE-2025-10990
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
REXML (affected versions not specified)
Description
A flaw exists in REXML related to inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...) in XML documents. This can lead to a Regular Expression Denial of Service (ReDoS), potentially impacting the availability of the affected component. This issue is a result of an incomplete fix for a previously identified issue. The vulnerability involves the parsing of &#x...; entities within XML data.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Satellite 6.16 For Rhel 8
Red Hat Satellite 6.16 For Rhel 9
Red Hat Satellite 6.17 For Rhel 9
Satellite Client 6 For Rhel 8
Satellite Client 6 For Rhel 9
Jruby
Ruby2.3
Ruby2.5
Ruby2.7
Ruby3.0
Ruby3.2
Ruby3.3