PT-2025-8694 · Unknown+9 · Cgi::Cookie+9

Lio346 · Published 2025-02-26 · Updated 2025-11-26 · CVE-2025-27219

CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: CGI gem versions prior to 0.4.2 (fixed releases are 0.3.5.1, 0.3.7 and 0.4.2). The gem ships with Ruby as a default gem, so a Ruby installation carries an affected copy until the gem itself is updated.
Description: The CGI::Cookie.parse method in the CGI library contains a Denial of Service (DoS) vulnerability. The method imposes no limit on the length of the raw cookie string it processes, so an unauthenticated remote client can send an extremely large Cookie header and cause excessive CPU and memory consumption in the parsing process. The impact is availability only; the CVSS vector records no confidentiality or integrity impact.
Recommendations: Update the CGI gem to a fixed release: 0.3.5.1 or 0.3.7 for the 0.3.x series, or 0.4.2 or later. As a temporary workaround, cap the size of the raw Cookie header (at the reverse proxy or in application middleware) before it reaches CGI::Cookie.parse, so that oversized input is rejected before any parsing work is done.
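The workaround above, as an added example (not code from the advisory or from the cgi gem): a size-capped Cookie header parser that rejects oversized input with a single bytesize check before any splitting or decoding, plus a guard wrapper around the real CGI::Cookie.parse for installations where cgi/cookie is still loadable. The 4096-byte ceiling, the exception name and the helper names are assumptions; the standalone parser mirrors only the splitting behaviour of CGI::Cookie.parse (name => array of values), not its CGI::Cookie objects.

```ruby
# Added example, not part of the advisory or the cgi gem.
# MAX_COOKIE_BYTES is an assumed ceiling: mainstream browsers cap a single
# cookie near 4 KiB, so a legitimate header rarely exceeds this.
MAX_COOKIE_BYTES = 4096

class CookieTooLarge < ArgumentError; end

# Lenient percent-decoding ('+' to space, %XX runs to bytes). Cookie values
# written by CGI::Cookie are URL-encoded; invalid sequences are left as-is.
def cookie_unescape(str)
  str.tr('+', ' ').gsub(/(?:%\h\h)+/) do |enc|
    [enc.delete('%')].pack('H*').force_encoding(str.encoding)
  end
end

# Parse a raw Cookie header into { name => [values] }.
# The bytesize check runs before any splitting or decoding, so an oversized
# header costs one integer comparison instead of work proportional to its size.
def parse_cookie_header(raw, max_bytes: MAX_COOKIE_BYTES)
  if raw.bytesize > max_bytes
    raise CookieTooLarge, "Cookie header is #{raw.bytesize} bytes, limit is #{max_bytes}"
  end

  cookies = Hash.new { |h, k| h[k] = [] }
  # Same separator rule CGI::Cookie.parse uses: ';' or ',' plus optional space.
  raw.split(/[;,]\s?/).each do |pair|
    name, value = pair.split('=', 2)
    next if name.nil? || name.empty?
    values = (value || '').split('&').map { |v| cookie_unescape(v) }
    cookies[cookie_unescape(name)].concat(values)
  end
  cookies
end

# Guard the real parser where it exists (Ruby releases that still ship cgi as a
# default gem). The size check comes first so it applies whether or not
# cgi/cookie can be loaded; returns nil when the library is unavailable.
def guarded_cgi_cookie_parse(raw, max_bytes: MAX_COOKIE_BYTES)
  if raw.bytesize > max_bytes
    raise CookieTooLarge, "Cookie header is #{raw.bytesize} bytes, limit is #{max_bytes}"
  end
  require 'cgi/cookie'
  CGI::Cookie.parse(raw)
rescue LoadError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one ordinary header, one oversized header.
  p parse_cookie_header('session=abc123; theme=dark; tags=a&b%20c')
  begin
    parse_cookie_header('x=' + 'A' * 5000)
  rescue CookieTooLarge => e
    puts "rejected: #{e.message}"
  end
end
```

Placing the same limit at the edge (for example nginx's `large_client_header_buffers`) stops the oversized header before it reaches Ruby at all; the in-process check above is the fallback for deployments where the proxy is not under your control. To apply the fix rather than the workaround, pin `gem "cgi", ">= 0.4.2"` (or the matching 0.3.x patch release) in the Gemfile and run `bundle update cgi`.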

Tags: Exploit · Fix · DoS · Allocation of Resources Without Limits · Resource Exhaustion

Weakness Enumeration: CWE-770 Allocation of Resources Without Limits or Throttling

Related Identifiers

ALSA-2025:10217
ALSA-2025:4063
ALSA-2025:4488
ALSA-2025:8131
AZL-57828
AZL-57923
BDU:2025-05128
CESA-2025_10217
CESA-2025_4063
CVE-2025-27219
DLA-4082-1
ECHO-66E4-E8D1-C7E8
GHSA-GH9Q-2XRM-X6QV
INFSA-2025_10217
INFSA-2025_4063
INFSA-2025_4487
INFSA-2025_4488
INFSA-2025_4493
MGASA-2025-0290
OESA-2025-1244
OESA-2025-1261
OESA-2025-1262
OESA-2025-1263
OESA-2025-1264
openSUSE-SU-2025:1369-1
RHSA-2025:10217
RHSA-2025:4063
RHSA-2025:4487
RHSA-2025:4488
RHSA-2025:4493
RHSA-2025:8131
SUSE-SU-2025:1369-1
SUSE-SU-2025:4264-1
USN-7418-1
USN-7442-1

Affected Products

Almalinux
Cgi::Cookie
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu