Posts | CVE-2025-58767: DoS vulnerability in REXML
CVE-2025-58767: DoS vulnerability in REXML
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2025-58767. We strongly recommend upgrading the REXML gem.
Details
Parsing invalid XML containing multiple XML declarations may cause increased execution time and memory usage. Please update REXML gem to version 3.4.2 or later.
Affected versions
- REXML gem from 3.3.3 to 3.4.1
Credits
Thanks to Sofi Aberegg for discovering this issue.
History
- Originally published at 2025-09-18 03:00:00 (UTC)
Posted by naitoh on 18 Sep 2025
35
2025-09-25 15:00:02