Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2025-58767
Impact
The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.
Patches
REXML gems 3.4.2 or later include the patches to fix these vulnerabilities.
Workarounds
Don't parse untrusted XMLs.
References
- https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/ : An announcement on www.ruby-lang.org
| Software | From | Fixed in |
|---|---|---|
rexml
|
3.3.3 | 3.4.2 |
- https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23
- https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml
- https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime