Home > Vulnerability Database > CVE-2025-58767

Mend.io Vulnerability Database

CVE-2025-58767

Good to know:

Date: September 17, 2025

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

Severity Score

4.0

Related Resources (6)

Url: https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23

Url: https://github.com/ruby/rexml

Url: https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767

Url: https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58767

Url: https://www.mend.io/vulnerability-database/CVE-2025-58767

Severity Score

4.0

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-776

Top Fix

Upgrade Version

Upgrade to version rexml - 3.4.2

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58767

Good to know:

Date: September 17, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?