Moderate severityNVD Advisory· Published Mar 3, 2025· Updated Nov 3, 2025
CVE-2025-27219
CVE-2025-27219
Description
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cgiRubyGems | < 0.3.5.1 | 0.3.5.1 |
cgiRubyGems | >= 0.3.6, < 0.3.7 | 0.3.7 |
cgiRubyGems | >= 0.4.0, < 0.4.2 | 0.4.2 |
Affected products
86- osv-coords85 versionspkg:apk/chainguard/elasticsearch-8.17pkg:apk/chainguard/jruby-9.4pkg:apk/chainguard/jruby-9.4-default-rubypkg:apk/chainguard/logstash-9.1-bitnami-compatpkg:apk/chainguard/logstash-9.1-iamguarded-compatpkg:apk/chainguard/logstash-9.1-with-output-opensearchpkg:apk/chainguard/ruby-3.1pkg:apk/chainguard/ruby-3.1-basepkg:apk/chainguard/ruby-3.1-base-devpkg:apk/chainguard/ruby-3.1-devpkg:apk/chainguard/ruby-3.1-docpkg:apk/chainguard/ruby-3.2pkg:apk/chainguard/ruby-3.2-basepkg:apk/chainguard/ruby-3.2-base-devpkg:apk/chainguard/ruby-3.2-devpkg:apk/chainguard/ruby-3.2-docpkg:apk/chainguard/ruby-3.4pkg:apk/chainguard/ruby-3.4-devpkg:apk/chainguard/ruby-3.4-docpkg:apk/wolfi/jruby-9.4pkg:apk/wolfi/jruby-9.4-default-rubypkg:apk/wolfi/logstash-9.1-bitnami-compatpkg:apk/wolfi/logstash-9.1-iamguarded-compatpkg:apk/wolfi/logstash-9.1-with-output-opensearchpkg:apk/wolfi/ruby-3.1pkg:apk/wolfi/ruby-3.1-basepkg:apk/wolfi/ruby-3.1-base-devpkg:apk/wolfi/ruby-3.1-devpkg:apk/wolfi/ruby-3.1-docpkg:apk/wolfi/ruby-3.2pkg:apk/wolfi/ruby-3.2-basepkg:apk/wolfi/ruby-3.2-base-devpkg:apk/wolfi/ruby-3.2-devpkg:apk/wolfi/ruby-3.2-docpkg:apk/wolfi/ruby-3.4pkg:apk/wolfi/ruby-3.4-devpkg:apk/wolfi/ruby-3.4-docpkg:gem/cgipkg:rpm/almalinux/rubypkg:rpm/almalinux/ruby-bundled-gemspkg:rpm/almalinux/ruby-default-gemspkg:rpm/almalinux/ruby-develpkg:rpm/almalinux/ruby-docpkg:rpm/almalinux/rubygem-abrtpkg:rpm/almalinux/rubygem-abrt-docpkg:rpm/almalinux/rubygem-bigdecimalpkg:rpm/almalinux/rubygem-bundlerpkg:rpm/almalinux/rubygem-io-consolepkg:rpm/almalinux/rubygem-irbpkg:rpm/almalinux/rubygem-jsonpkg:rpm/almalinux/rubygem-minitestpkg:rpm/almalinux/rubygem-mysql2pkg:rpm/almalinux/rubygem-mysql2-docpkg:rpm/almalinux/rubygem-pgpkg:rpm/almalinux/rubygem-pg-docpkg:rpm/almalinux/rubygem-power_assertpkg:rpm/almalinux/rubygem-psychpkg:rpm/almalinux/rubygem-raccpkg:rpm/almalinux/rubygem-rakepkg:rpm/almalinux/rubygem-rbspkg:rpm/almalinux/rubygem-rdocpkg:rpm/almalinux/rubygem-rexmlpkg:rpm/almalinux/rubygem-rsspkg:rpm/almalinux/rubygemspkg:rpm/almalinux/rubygems-develpkg:rpm/almalinux/rubygem-test-unitpkg:rpm/almalinux/rubygem-typeprofpkg:rpm/almalinux/ruby-libspkg:rpm/opensuse/ruby2.5&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/ruby2.5&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Server%204.3
< 8.17.10-r13+ 84 more
- (no CPE)range: < 8.17.10-r13
- (no CPE)range: < 9.4.14.0-r0
- (no CPE)range: < 9.4.14.0-r0
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.4.2-r1
- (no CPE)range: < 3.4.2-r1
- (no CPE)range: < 3.4.2-r1
- (no CPE)range: < 9.4.14.0-r0
- (no CPE)range: < 9.4.14.0-r0
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.1.6-r12
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.2.7-r1
- (no CPE)range: < 3.4.2-r1
- (no CPE)range: < 3.4.2-r1
- (no CPE)range: < 3.4.2-r1
- (no CPE)range: < 0.3.5.1
- (no CPE)range: < 3.3.8-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.3.8-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.3.8-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.3.8-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.3.8-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 0.4.0-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 0.4.0-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 3.1.5-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 2.5.22-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 0.7.1-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 1.13.1-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 2.7.2-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 5.20.0-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 0.5.5-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 0.5.5-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 1.5.4-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 1.5.4-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 2.0.3-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 5.1.2-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 1.7.3-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 13.1.0-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.4.0-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 6.6.3.1-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.3.9-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 0.3.1-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.5.22-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.5.22-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.6.1-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 0.21.9-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 3.3.8-4.module_el8.10.0+4022+8b66723c
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150700.24.3.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
- (no CPE)range: < 2.5.9-150000.4.41.1
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-gh9q-2xrm-x6qvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-27219ghsaADVISORY
- github.com/ruby/cgi/pull/52ghsaWEB
- github.com/ruby/cgi/pull/53ghsaWEB
- github.com/ruby/cgi/pull/54ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.ymlghsaWEB
- hackerone.com/reports/2936778ghsaWEB
- lists.debian.org/debian-lts-announce/2025/03/msg00008.htmlghsaWEB
- www.cve.org/CVERecordghsaWEB
News mentions
0No linked articles in our index yet.