Vulnerability Database

309,961

Total vulnerabilities in the database

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

Published: Sep 17, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-58767
GHSA: GHSA-c2f4-jgmc-q2r5
Severity: Low
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-400
CWE-776

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
rexml	3.3.3	3.4.2
ruby-lang / rexml	3.3.3	3.4.2

https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23
https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml
https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo