- Description
- REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be impacted by this vulnerability. The REXML gem 3.4.2 or later includes the patch that fixes it.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- rexml
CVSS 4.0
- Type
- Secondary
- Base score
- 1.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- LOW
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-400
- Hype score
- Not currently trending
Lambda Watchdog detected that CVE-2025-58767 is no longer present in latest AWS Lambda base image scans. https://t.co/70PNnt2xHA #AWS #Lambda #Security #CVE #DevOps #SecOps
@LambdaWatchdog
23 Feb 2026
Critical patch for #Fedora42 users! CVE-2025-61594: URI credential leakage bypass CVE-2025-58767: REXML Denial-of-Service Read more: https://t.co/cyAopv8bZ3 #Security https://t.co/bH52xUKrK4
@Cezar_H_Linux
12 Nov 2025
Ruby: CVE-2025-58767: DoS vulnerability in REXML https://t.co/0ED4XWNcHh #rubylang # #devtalk
@dev_talk
18 Sept 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*",
            "matchCriteriaId": "BEBCE38B-406D-4027-BDA9-322BF4C53189",
            "versionEndExcluding": "3.4.2",
            "versionStartIncluding": "3.3.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]