CVE-2025-58767

ADVISORY - github

Summary

Impact

The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

Patches

REXML gems 3.4.2 or later include the patches to fix these vulnerabilities.

Workarounds

Don't parse untrusted XMLs.

References

https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/ : An announcement on www.ruby-lang.org

EPSS Score⁠: 0.00024 (0.056)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-400⁠

Uncontrolled Resource Consumption

ADVISORY - github

CWE-400⁠

Uncontrolled Resource Consumption

CWE-776⁠

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADVISORY - redhat

CWE-776⁠

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Impacted images

Advisories

NIST

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2025-58767⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠

CVSS SCORE

1.2low

GitHub

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDGHSA-c2f4-jgmc-q2r5⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠CWE-776⁠

CVSS SCORE

1.2low

Alpine

CREATED

4 months ago

UPDATED

7 days ago

ADVISORY IDCVE-2025-58767⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

4 months ago

UPDATED

7 days ago

ADVISORY IDCVE-2025-58767⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

4 months ago

UPDATED

12 days ago

ADVISORY IDCVE-2025-58767⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3low

Alma

CREATED

2 months ago

UPDATED

23 days ago

ADVISORY IDALSA-2025:23062⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

2 months ago

UPDATED

23 days ago

ADVISORY IDALSA-2025:23063⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDALAS2023-2025-1204⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Red Hat

CREATED

4 months ago

UPDATED

23 days ago

ADVISORY IDCVE-2025-58767⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-776⁠

CVSS SCORE

5.3medium

Rocky

CREATED

25 days ago

UPDATED

25 days ago

ADVISORY IDRLSA-2025:23062⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Rocky

CREATED

25 days ago

UPDATED

25 days ago

ADVISORY IDRLSA-2025:23063⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Rocky

CREATED

25 days ago

UPDATED

25 days ago

ADVISORY IDRLSA-2025:23141⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDELSA-2025-23062⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDELSA-2025-23063⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDELSA-2025-23141⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-2765-8r55-8wj7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-2p3g-89rc-jcvh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-3qc9-9hj9-ch8r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-74qh-p38g-mc54

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-8vv6-82pf-cf55

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-9mjq-x3cw-wpq8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-cq62-jf4j-5cx2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-hjr9-533q-3hqp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-hm38-w55m-ch3j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-mhjj-458w-v476

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-mjjp-mpvp-wv53

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-p4qj-qxwh-56jg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

CGA-q7qx-ch7j-v954

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-rc5j-r65f-rc4v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-x388-957j-vf83

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-xjr6-mqp3-qgp3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

CVE-2025-58767

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-32f4-q38f-265p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-5f99-r283-2wqp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-5h4w-q34g-h7xr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-6g55-h792-9q8v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-6j48-8p6h-vrc3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-899g-gjvg-6v3r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

MINI-8m63-q8qf-32m8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-9m43-p63c-cq92

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-c45x-3vgw-5c9v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

26 days ago

UPDATED

26 days ago

ADVISORY ID

MINI-f4qj-5987-x4x3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-h2xp-95vc-wm58

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-j2vw-xgpx-r8c7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-m86r-qphm-hjq2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-mcmw-6hhq-fqj2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-mcq5-4qg9-w4cg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-qhrq-67q2-75xg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-qrgc-hv33-22vq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-rc45-4v34-5mgr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

MINI-w4c2-mq72-v5cx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY