Medium severity5.3NVD Advisory· Published Sep 17, 2025· Updated Jun 17, 2026
CVE-2025-58767
CVE-2025-58767
Description
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rexmlRubyGems | >= 3.3.3, < 3.4.2 | 3.4.2 |
Affected products
99- osv-coords98 versionspkg:apk/chainguard/gitlab-rails-ce-18.3pkg:apk/chainguard/gitlab-rails-ce-assets-18.3pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.3pkg:apk/chainguard/gitlab-rails-ce-doc-18.3pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.3pkg:apk/chainguard/gitlab-rails-ce-fips-18.3pkg:apk/chainguard/jruby-9.4pkg:apk/chainguard/kube-fluentd-operatorpkg:apk/chainguard/kube-fluentd-operator-compatpkg:apk/chainguard/kube-fluentd-operator-default-configpkg:apk/chainguard/kube-fluentd-operator-oci-entrypointpkg:apk/chainguard/logstash-9.1pkg:apk/chainguard/logstash-9.1-bitnami-compatpkg:apk/chainguard/logstash-9.1-iamguarded-compatpkg:apk/chainguard/logstash-9.1-with-output-opensearchpkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.17pkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.17-kinesispkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.18pkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.18-kinesispkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.17pkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.17-kinesispkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.18pkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.18-kinesispkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.17pkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.17-kinesispkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.18pkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.18-kinesispkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.17pkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.17-kinesispkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.18pkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.18-kinesispkg:apk/chainguard/trufflerubypkg:apk/wolfi/jruby-9.4pkg:apk/wolfi/kube-fluentd-operatorpkg:apk/wolfi/kube-fluentd-operator-compatpkg:apk/wolfi/kube-fluentd-operator-default-configpkg:apk/wolfi/kube-fluentd-operator-oci-entrypointpkg:apk/wolfi/logstash-9.1pkg:apk/wolfi/logstash-9.1-bitnami-compatpkg:apk/wolfi/logstash-9.1-iamguarded-compatpkg:apk/wolfi/logstash-9.1-with-output-opensearchpkg:apk/wolfi/ruby3.1-fluentd-kubernetes-daemonset-1.17pkg:apk/wolfi/ruby3.1-fluentd-kubernetes-daemonset-1.17-kinesispkg:apk/wolfi/ruby3.1-fluentd-kubernetes-daemonset-1.18pkg:apk/wolfi/ruby3.1-fluentd-kubernetes-daemonset-1.18-kinesispkg:apk/wolfi/ruby3.2-fluentd-kubernetes-daemonset-1.17pkg:apk/wolfi/ruby3.2-fluentd-kubernetes-daemonset-1.17-kinesispkg:apk/wolfi/ruby3.2-fluentd-kubernetes-daemonset-1.18pkg:apk/wolfi/ruby3.2-fluentd-kubernetes-daemonset-1.18-kinesispkg:apk/wolfi/ruby3.3-fluentd-kubernetes-daemonset-1.17pkg:apk/wolfi/ruby3.3-fluentd-kubernetes-daemonset-1.17-kinesispkg:apk/wolfi/ruby3.3-fluentd-kubernetes-daemonset-1.18pkg:apk/wolfi/ruby3.3-fluentd-kubernetes-daemonset-1.18-kinesispkg:apk/wolfi/ruby3.4-fluentd-kubernetes-daemonset-1.17pkg:apk/wolfi/ruby3.4-fluentd-kubernetes-daemonset-1.17-kinesispkg:apk/wolfi/ruby3.4-fluentd-kubernetes-daemonset-1.18pkg:apk/wolfi/ruby3.4-fluentd-kubernetes-daemonset-1.18-kinesispkg:gem/rexmlpkg:rpm/almalinux/rubypkg:rpm/almalinux/ruby-bundled-gemspkg:rpm/almalinux/ruby-default-gemspkg:rpm/almalinux/ruby-develpkg:rpm/almalinux/ruby-docpkg:rpm/almalinux/rubygem-abrtpkg:rpm/almalinux/rubygem-abrt-docpkg:rpm/almalinux/rubygem-bigdecimalpkg:rpm/almalinux/rubygem-bundlerpkg:rpm/almalinux/rubygem-io-consolepkg:rpm/almalinux/rubygem-irbpkg:rpm/almalinux/rubygem-jsonpkg:rpm/almalinux/rubygem-minitestpkg:rpm/almalinux/rubygem-mysql2pkg:rpm/almalinux/rubygem-mysql2-docpkg:rpm/almalinux/rubygem-pgpkg:rpm/almalinux/rubygem-pg-docpkg:rpm/almalinux/rubygem-power_assertpkg:rpm/almalinux/rubygem-psychpkg:rpm/almalinux/rubygem-raccpkg:rpm/almalinux/rubygem-rakepkg:rpm/almalinux/rubygem-rbspkg:rpm/almalinux/rubygem-rdocpkg:rpm/almalinux/rubygem-rexmlpkg:rpm/almalinux/rubygem-rsspkg:rpm/almalinux/rubygemspkg:rpm/almalinux/rubygems-develpkg:rpm/almalinux/rubygem-test-unitpkg:rpm/almalinux/rubygem-typeprofpkg:rpm/almalinux/ruby-libspkg:rpm/opensuse/ruby3.4&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 18.3.2-r2+ 97 more
- (no CPE)range: < 18.3.2-r2
- (no CPE)range: < 18.3.2-r2
- (no CPE)range: < 18.3.2-r1
- (no CPE)range: < 18.3.2-r2
- (no CPE)range: < 18.3.2-r1
- (no CPE)range: < 18.3.2-r1
- (no CPE)range: < 9.4.15.0-r0
- (no CPE)range: < 1.18.2-r48
- (no CPE)range: < 1.18.2-r48
- (no CPE)range: < 1.18.2-r48
- (no CPE)range: < 1.18.2-r48
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 1.16.8.1.0-r4
- (no CPE)range: < 1.16.8.1.0-r4
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.18.0.1.0-r6
- (no CPE)range: < 1.18.0.1.0-r6
- (no CPE)range: < 1.16.8.1.0-r4
- (no CPE)range: < 1.16.8.1.0-r4
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.16.8.1.0-r4
- (no CPE)range: < 1.16.8.1.0-r4
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.16.8.1.0-r4
- (no CPE)range: < 1.16.8.1.0-r4
- (no CPE)range: < 1.17.1.1.2-r8
- (no CPE)range: < 1.17.1.1.2-r8
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 34.0.1-r0
- (no CPE)range: < 9.4.15.0-r0
- (no CPE)range: < 1.18.2-r48
- (no CPE)range: < 1.18.2-r48
- (no CPE)range: < 1.18.2-r48
- (no CPE)range: < 1.18.2-r48
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 9.1.10-r3
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.18.0.1.0-r6
- (no CPE)range: < 1.18.0.1.0-r6
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.17.1.1.2-r7
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.17.1.1.2-r8
- (no CPE)range: < 1.17.1.1.2-r8
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: < 1.18.0.1.0-r5
- (no CPE)range: >= 3.3.3, < 3.4.2
- (no CPE)range: < 3.3.10-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.3.10-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.3.10-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.3.10-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.3.10-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 0.4.0-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 0.4.0-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 3.1.5-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 2.5.22-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 0.7.1-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 1.13.1-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 2.7.2-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 5.20.0-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 0.5.5-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 0.5.5-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 1.5.4-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 1.5.4-1.module_el8.10.0+3799+191214cc
- (no CPE)range: < 2.0.3-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 5.1.2-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 1.7.3-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 13.1.0-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.4.0-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 6.6.3.1-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.4.4-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 0.3.1-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.5.22-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.5.22-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.6.1-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 0.21.9-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.3.10-5.module_el8.10.0+4075+e5f6dad1
- (no CPE)range: < 3.4.8-1.1
- (no CPE)range: < 2.5.9-150700.24.6.1
- ruby/rexmlv5Range: >= 3.3.3, < 3.4.2
Patches
Vulnerability mechanics
References
6- github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23nvdPatchWEB
- github.com/advisories/GHSA-c2f4-jgmc-q2r5ghsaADVISORY
- github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-58767ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.ymlghsaWEB
- www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767ghsaWEB
News mentions
0No linked articles in our index yet.