CVE-2025-58767
Public on 2025-09-17
Modified on 2025-09-18
Description
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | ruby | No Fix Planned | ||
| Amazon Linux 2 - Core | ruby | Not Affected | ||
| Amazon Linux 1 | ruby19 | No Fix Planned | ||
| Amazon Linux 1 | ruby20 | No Fix Planned | ||
| Amazon Linux 1 | ruby21 | No Fix Planned | ||
| Amazon Linux 1 | ruby23 | No Fix Planned | ||
| Amazon Linux 1 | ruby24 | No Fix Planned | ||
| Amazon Linux 2023 | ruby3.2 | 2025-09-29 | ALAS2023-2025-1204 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| NVD | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |