PT-2025-8695

Svalkanov · Published 2025-02-26 · Updated 2025-11-26 · CVE-2025-27220

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: CGI gem versions prior to 0.4.2
Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the CGI::Util#escapeElement method of the cgi gem. Crafted input passed to this method causes the underlying regular expression to backtrack excessively, leading to high CPU consumption; the impact is availability only (CVSS v2 A:C), with no confidentiality or integrity effect. The vulnerable gem versions are bundled with Ruby 3.1 and 3.2, so applications on those Ruby releases are affected unless they carry an updated cgi gem.
Recommendations: For CGI gem versions prior to 0.4.2, update the CGI gem to version 0.4.2 or later. Where the update cannot be applied immediately, avoid passing untrusted or unbounded input to CGI::Util#escapeElement, or bound its length and processing time, until the updated gem is deployed.
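The check and the interim mitigation above, as an added example that is not part of this advisory or of the cgi gem's own code: the version comparison uses the 0.4.2 fix threshold from the advisory; the `guarded_escape_element` wrapper, its `max_bytes` and `timeout_s` defaults and the `InputTooLarge` class are assumptions chosen for illustration, and the sample input is constructed.

```ruby
# Added example (not from the advisory or the cgi gem): a version check plus a
# guarded wrapper for CGI::Util#escapeElement for hosts still on cgi < 0.4.2.
require "timeout"

# The fixed release named in the advisory.
FIXED_CGI_VERSION = Gem::Version.new("0.4.2")

# True when the given cgi gem version is older than the fixed release.
def cgi_vulnerable?(version_string)
  Gem::Version.new(version_string) < FIXED_CGI_VERSION
end

# Version of the cgi gem loaded by this Ruby, or nil when it cannot be loaded.
# CGI::VERSION comes from the gem's cgi/version.rb; Gem.loaded_specs is the
# fallback for layouts that do not define it.
def installed_cgi_version
  require "cgi"
  return CGI::VERSION if defined?(CGI::VERSION)
  spec = Gem.loaded_specs["cgi"]
  spec && spec.version.to_s
rescue LoadError
  nil
end

# Raised when input exceeds the size budget of the guarded wrapper (assumed name).
class InputTooLarge < ArgumentError; end

# Mitigation wrapper (assumed design, not the gem's API): bounds the input size
# and the wall-clock time of the escape call so that crafted input cannot pin a
# CPU indefinitely. max_bytes and timeout_s are illustrative defaults; escaper
# defaults to CGI.escapeElement and can be replaced for testing.
def guarded_escape_element(string, *elements, max_bytes: 4096, timeout_s: 0.5, escaper: nil)
  if string.bytesize > max_bytes
    raise InputTooLarge, "input is #{string.bytesize} bytes, limit is #{max_bytes}"
  end
  escaper ||= CGI.method(:escapeElement)
  # Ruby's regex engine checks for interrupts while matching, so Timeout can
  # abort a long-running gsub inside escapeElement.
  Timeout.timeout(timeout_s) { escaper.call(string, *elements) }
end

if __FILE__ == $PROGRAM_NAME
  version = installed_cgi_version
  if version.nil? || !CGI.respond_to?(:escapeElement)
    puts "cgi gem (or CGI.escapeElement) not available; nothing to check"
  else
    status = cgi_vulnerable?(version) ? "vulnerable (update to 0.4.2 or later)" : "fixed"
    puts "cgi #{version}: #{status}"
    # Constructed sample input in the shape escapeElement is documented to take.
    puts guarded_escape_element('<BR><A HREF="url"></A>', "A", "IMG")
  end
end
```

On Ruby 3.2 and later, `Regexp.timeout = 1.0` bounds every regular-expression match process-wide and is the more robust control; Ruby 3.1 has no such setting, so the wrapper's `Timeout` and size limit are the fallback there. Neither replaces updating the gem: they convert a CPU-exhaustion case into a rejected request, they do not remove the backtracking.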

Type: DoS

Related Identifiers

ALSA-2025:4063
ALSA-2025:4488
ALSA-2025_4488
AZL-57791
AZL-57938
BDU:2025-05132
CESA-2025_4063
CVE-2025-27220
DLA-4082-1
ECHO-EDF3-CB70-6D3E
GHSA-MHWM-JH88-3GJF
INFSA-2025_4063
INFSA-2025_4487
INFSA-2025_4488
MGASA-2025-0290
OESA-2025-1244
OESA-2025-1261
OESA-2025-1262
OESA-2025-1263
OESA-2025-1264
OPENSUSE-SU-2025_1369-1
RHSA-2025:4063
RHSA-2025:4487
RHSA-2025:4488
RHSA-2025_4063
RHSA-2025_4487
RHSA-2025_4488
SUSE-SU-2025:1369-1
SUSE-SU-2025:4264-1
USN-7418-1
USN-7442-1

Affected Products

Almalinux
Cgi
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu