CVE-2025-27220
Description
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Ruby CGI gem before 0.4.2 has a ReDoS in Util#escapeElement, allowing CPU exhaustion via crafted input.
The CGI gem for Ruby, versions prior to 0.4.2, contains a Regular Expression Denial of Service (ReDoS) vulnerability in the Util#escapeElement method. The flaw arises from a regex pattern that can exhibit catastrophic backtracking when processing specially crafted strings [1][4]. The affected method escapes selected HTML elements in a string and belongs to the CGI::Util helper module.
Exploitation
An attacker can trigger the ReDoS by providing a maliciously crafted input string to any application that uses Util#escapeElement on untrusted data. No authentication is required if the input is exposed through a public endpoint. The regex engine will consume excessive CPU resources, potentially leading to a denial of service [2][3].
Impact
Successful exploitation results in high CPU usage, which can slow down or halt the Ruby process. This can make the application unresponsive, affecting availability. In multi-threaded or multi-process environments it can also degrade other services running on the same host. No CVSS vector is recorded for this entry, but the availability impact is high [4].
Mitigation
The vulnerability is fixed in CGI gem version 0.4.2. Users should upgrade to this version or later (0.4.2.x or newer); the advisory also lists backported fixes, 0.3.5.1 for the 0.3.x line below 0.3.6 and 0.3.7 for 0.3.6 (see the table below). The fix refactored the regex to avoid catastrophic backtracking [1][2][3]. No workarounds are documented; upgrading is the recommended action.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| cgi | RubyGems | < 0.3.5.1 | 0.3.5.1 |
| cgi | RubyGems | >= 0.3.6, < 0.3.7 | 0.3.7 |
| cgi | RubyGems | >= 0.4.0, < 0.4.2 | 0.4.2 |
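To turn the advisory ranges above and the upgrade advice in the Mitigation section into something a practitioner can run against a project, here is an added example. It is not code from this CVE record, from the cgi gem or from any of the listed distributions; it assumes a Bundler-style Gemfile.lock as input, and the sample lockfile embedded in it is constructed for the example.

```ruby
# Added example: does a locked or installed cgi gem version fall inside the
# affected ranges from the advisory table? Not code from the CVE record or
# from the cgi gem itself.
require "rubygems"

# Ranges copied from the advisory table, as RubyGems requirement strings, each
# paired with the patched version that closes the range.
AFFECTED_RANGES = [
  [["< 0.3.5.1"],           "0.3.5.1"],
  [[">= 0.3.6", "< 0.3.7"], "0.3.7"],
  [[">= 0.4.0", "< 0.4.2"], "0.4.2"],
].freeze

# Returns the patched version a given cgi version should move to, or nil when
# the version lies outside every affected range (already fixed).
def cve_2025_27220_fix_for(version_string)
  version = Gem::Version.new(version_string)
  AFFECTED_RANGES.each do |constraints, patched|
    return patched if Gem::Requirement.new(*constraints).satisfied_by?(version)
  end
  nil
end

# Bundler writes resolved gems under "specs:" indented by exactly four spaces;
# dependency lines are indented by six, so this pattern skips them.
CGI_SPEC_LINE = /^ {4}cgi \(([^)]+)\)\s*$/

# Inspects Gemfile.lock text and reports whether cgi is locked and, if so,
# which patched version (if any) it needs.
def check_lockfile(lock_text)
  line = lock_text.each_line.find { |l| l.match?(CGI_SPEC_LINE) }
  return { present: false } unless line
  version = line.match(CGI_SPEC_LINE)[1]
  { present: true, version: version, fix: cve_2025_27220_fix_for(version) }
end

# cgi is also a default gem shipped with Ruby, so a lockfile that never mentions
# it does not prove the vulnerable code is absent; this reads the runtime's copy.
def installed_cgi_status
  version = Gem::Specification.find_by_name("cgi").version.to_s
  { present: true, version: version, fix: cve_2025_27220_fix_for(version) }
rescue Gem::LoadError
  { present: false }
end

# Constructed sample lockfile (not from any real project). The "cgi (>= 0)"
# dependency line under rack is made up to show that dependency entries are
# skipped and only the resolved spec line is read.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      cgi (0.4.1)
      rack (3.1.7)
        cgi (>= 0)
LOCK

if __FILE__ == $PROGRAM_NAME
  p check_lockfile(SAMPLE_LOCK)
  p installed_cgi_status
end
```

Run it against a real lockfile with `check_lockfile(File.read("Gemfile.lock"))`. Because the upgrade target differs per line (0.3.5.1, 0.3.7 or 0.4.2), the check returns the specific patched version rather than a boolean, and the runtime check is the complementary step for deployments that rely on the default gem bundled with the interpreter rather than a pinned gem.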
Affected products
86 entries; OSV coordinates with 84 version ranges (none of the OSV entries carries a CPE).

| Package (OSV coordinate) | Affected range |
|---|---|
| pkg:apk/chainguard/elasticsearch-8.17 | < 8.17.10-r13 |
| pkg:apk/chainguard/jruby-9.4 | < 9.4.14.0-r0 |
| pkg:apk/chainguard/jruby-9.4-default-ruby | < 9.4.14.0-r0 |
| pkg:apk/chainguard/logstash-9.1-bitnami-compat | < 9.1.10-r3 |
| pkg:apk/chainguard/logstash-9.1-iamguarded-compat | < 9.1.10-r3 |
| pkg:apk/chainguard/logstash-9.1-with-output-opensearch | < 9.1.10-r3 |
| pkg:apk/chainguard/ruby-3.1 | < 3.1.6-r12 |
| pkg:apk/chainguard/ruby-3.1-base | < 3.1.6-r12 |
| pkg:apk/chainguard/ruby-3.1-base-dev | < 3.1.6-r12 |
| pkg:apk/chainguard/ruby-3.1-dev | < 3.1.6-r12 |
| pkg:apk/chainguard/ruby-3.1-doc | < 3.1.6-r12 |
| pkg:apk/chainguard/ruby-3.2 | < 3.2.7-r1 |
| pkg:apk/chainguard/ruby-3.2-base | < 3.2.7-r1 |
| pkg:apk/chainguard/ruby-3.2-base-dev | < 3.2.7-r1 |
| pkg:apk/chainguard/ruby-3.2-dev | < 3.2.7-r1 |
| pkg:apk/chainguard/ruby-3.2-doc | < 3.2.7-r1 |
| pkg:apk/chainguard/ruby-3.4 | < 3.4.2-r1 |
| pkg:apk/chainguard/ruby-3.4-dev | < 3.4.2-r1 |
| pkg:apk/chainguard/ruby-3.4-doc | < 3.4.2-r1 |
| pkg:apk/wolfi/jruby-9.4 | < 9.4.14.0-r0 |
| pkg:apk/wolfi/jruby-9.4-default-ruby | < 9.4.14.0-r0 |
| pkg:apk/wolfi/logstash-9.1-bitnami-compat | < 9.1.10-r3 |
| pkg:apk/wolfi/logstash-9.1-iamguarded-compat | < 9.1.10-r3 |
| pkg:apk/wolfi/logstash-9.1-with-output-opensearch | < 9.1.10-r3 |
| pkg:apk/wolfi/ruby-3.1 | < 3.1.6-r12 |
| pkg:apk/wolfi/ruby-3.1-base | < 3.1.6-r12 |
| pkg:apk/wolfi/ruby-3.1-base-dev | < 3.1.6-r12 |
| pkg:apk/wolfi/ruby-3.1-dev | < 3.1.6-r12 |
| pkg:apk/wolfi/ruby-3.1-doc | < 3.1.6-r12 |
| pkg:apk/wolfi/ruby-3.2 | < 3.2.7-r1 |
| pkg:apk/wolfi/ruby-3.2-base | < 3.2.7-r1 |
| pkg:apk/wolfi/ruby-3.2-base-dev | < 3.2.7-r1 |
| pkg:apk/wolfi/ruby-3.2-dev | < 3.2.7-r1 |
| pkg:apk/wolfi/ruby-3.2-doc | < 3.2.7-r1 |
| pkg:apk/wolfi/ruby-3.4 | < 3.4.2-r1 |
| pkg:apk/wolfi/ruby-3.4-dev | < 3.4.2-r1 |
| pkg:apk/wolfi/ruby-3.4-doc | < 3.4.2-r1 |
| pkg:gem/cgi | < 0.3.5.1 |
| pkg:rpm/almalinux/ruby | < 3.1.7-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/ruby-bundled-gems | < 3.1.7-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/ruby-default-gems | < 3.1.7-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/ruby-devel | < 3.1.7-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/ruby-doc | < 3.1.7-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-abrt | < 0.4.0-1.module_el8.9.0+3746+91b8233a |
| pkg:rpm/almalinux/rubygem-abrt-doc | < 0.4.0-1.module_el8.10.0+3854+02eaa59a |
| pkg:rpm/almalinux/rubygem-bigdecimal | < 3.1.1-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-bundler | < 2.3.27-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-io-console | < 0.5.11-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-irb | < 1.4.1-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-json | < 2.6.1-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-minitest | < 5.15.0-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-mysql2 | < 0.5.3-3.module_el8.10.0+3854+02eaa59a |
| pkg:rpm/almalinux/rubygem-mysql2-doc | < 0.5.3-3.module_el8.10.0+3854+02eaa59a |
| pkg:rpm/almalinux/rubygem-pg | < 1.3.2-1.module_el8.10.0+3854+02eaa59a |
| pkg:rpm/almalinux/rubygem-pg-doc | < 1.3.2-1.module_el8.10.0+3854+02eaa59a |
| pkg:rpm/almalinux/rubygem-power_assert | < 2.0.1-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-psych | < 4.0.4-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-rake | < 13.0.6-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-rbs | < 2.7.0-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-rdoc | < 6.4.1.1-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-rexml | < 3.3.9-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-rss | < 0.3.1-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygems | < 3.3.27-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygems-devel | < 3.3.27-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-test-unit | < 3.5.3-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/rubygem-typeprof | < 0.21.3-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/almalinux/ruby-libs | < 3.1.7-145.module_el8.10.0+3984+cf55e3df |
| pkg:rpm/opensuse/ruby2.5&distro=openSUSE%20Leap%2015.6 | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Enterprise%20Storage%207.1 | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 | < 2.5.9-150700.24.3.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Proxy%204.3 | < 2.5.9-150000.4.41.1 |
| pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Server%204.3 | < 2.5.9-150000.4.41.1 |

Other product entries:
- ruby-lang/CGI (v5), range: 0
Patches
No patches discovered yet (0).
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10 references (source: ghsa):
1. github.com/advisories/GHSA-mhwm-jh88-3gjf (ADVISORY)
2. nvd.nist.gov/vuln/detail/CVE-2025-27220 (ADVISORY)
3. github.com/ruby/cgi/pull/52 (WEB)
4. github.com/ruby/cgi/pull/53 (WEB)
5. github.com/ruby/cgi/pull/54 (WEB)
6. github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml (WEB)
7. hackerone.com/reports/2890322 (WEB)
8. lists.debian.org/debian-lts-announce/2025/03/msg00008.html (WEB)
9. www.cve.org/CVERecord (WEB)
10. www.ruby-lang.org/en/news/2025/02/26/security-advisories (WEB)
News mentions
No linked articles in our index yet (0).