Fluid Attacks Database

Description

REXML has DoS condition when parsing malformed XML file

Impact

The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

Patches

REXML gems 3.4.2 or later include the patches to fix these vulnerabilities.

Workarounds

Don't parse untrusted XMLs.

References

https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/ : An announcement on www.ruby-lang.org

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	ruby3.3	=3.3.8-2	-
debian 14	ruby3.3	=3.3.8-2	-
rubygems	rexml	>=3.3.3 <3.4.2	3.4.2
debian 11	ruby2.7	=2.7.4-1 \|\| =2.7.4-1+deb11u1 \|\| =2.7.4-1+deb11u2 \|\| =2.7.4-1+deb11u3 \|\| =2.7.4-1+deb11u4 \|\| =2.7.4-1+deb11u5 \|\| =2.7.5-1	-
alpine v3.23	ruby-rexml	=3.2.5-r0 \|\| =3.2.5-r1 \|\| =3.2.5-r2 \|\| =3.2.5-r3 \|\| =3.2.6-r0 \|\| =3.2.6-r1 \|\| =3.2.9-r0 \|\| =3.3.9-r0 \|\| =3.4.0-r0 \|\| =3.4.1-r0 \|\| >=0 <3.4.4-r0	3.4.4-r0
rpm rhel10	ruby	<0:3.3.10-11.el10_1	0:3.3.10-11.el10_1
rpm rhel9	ruby	<0:3.3.10-5.module+el9.7.0+23651+15dc1615	0:3.3.10-5.module+el9.7.0+23651+15dc1615
rpm rhel8	ruby	<0:3.3.10-5.module+el8.10.0+23696+c42b0f57	0:3.3.10-5.module+el8.10.0+23696+c42b0f57
rpm rhel9.4	ruby	<0:3.3.10-5.module+el9.4.0+23769+ab06e946	0:3.3.10-5.module+el9.4.0+23769+ab06e946
rpm rhel9.6	ruby	<0:3.3.10-5.module+el9.6.0+23780+e40d2335	0:3.3.10-5.module+el9.6.0+23780+e40d2335

1-10 of 13

Aliases

1. CVE-2025-587672. NVD-2025-587673. OSV-DEBIAN-2025-587674. OSV-2025-587675. OSV-ALPINE-2025-587676. GHSA-c2f4-jgmc-q2r57. GCVE-2025-587678. SECURITY-TRACKER-CVE-2025-587679. SECURITY-CVE-2025-58767

References

1. https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r52. https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c233. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml4. https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.