QwikSec

Security Database

CVE

CWE

Training

CVE-2025-58767

Published: Sep 17, 2025

Modified: Sep 17, 2025

PUBLISHED

Description

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

Vendor	Product	Versions
ruby	rexml	affected `>= 3.3.3, < 3.4.2`

Weaknesses (CWE)

References

https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5

x_refsource_CONFIRM

https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.