Vulnerability Description
REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a denial-of-service (DoS) vulnerability when parsing XML that contains multiple XML declarations. Applications that parse untrusted XML with an affected version may be impacted. REXML 3.4.2 or later includes the fix.
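The two checks a practitioner wants from this advisory are "is my REXML in the affected range?" and "can I keep the described input away from the parser until I have upgraded?". The following Ruby is an added example written for this page; it is not code from the advisory or from the rexml project. The version range is taken from the Affected Products table. The pre-parse guard (counting `<?xml` declarations before handing the input to REXML) is a stopgap of my own design: well-formed XML has at most one declaration, so rejecting input with more than one is safe, but upgrading to 3.4.2 or later is the actual fix. The sample documents are constructed for the example.

```ruby
require "rexml/document"

# Affected range as stated in the advisory: >= 3.3.3, < 3.4.2.
AFFECTED_REXML = Gem::Requirement.new(">= 3.3.3", "< 3.4.2")

# True when the given REXML version falls inside the affected range.
# Defaults to the REXML loaded in this process (REXML::VERSION).
def rexml_affected?(version = REXML::VERSION)
  AFFECTED_REXML.satisfied_by?(Gem::Version.new(version))
end

# Count XML declarations in the raw input. A declaration is "<?xml" followed
# by whitespace; processing instructions such as "<?xml-stylesheet ...?>" are
# deliberately not counted, since they are legitimate anywhere in a document.
def xml_declaration_count(xml)
  xml.scan(/<\?xml\s/).length
end

# Parse untrusted XML. Input with more than one XML declaration is refused
# before it reaches REXML (well-formed XML has at most one). This guard is a
# stopgap for hosts that cannot upgrade immediately; on REXML >= 3.4.2 it is
# merely redundant.
def parse_untrusted(xml)
  count = xml_declaration_count(xml)
  if count > 1
    raise ArgumentError, "rejected: #{count} XML declarations (expected at most 1)"
  end
  REXML::Document.new(xml)
end

# Constructed sample: one declaration plus a stylesheet PI, which must pass.
GOOD_XML = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="style.xsl"?>
  <order id="42"><item sku="A-1"/></order>
XML

# Constructed sample of the shape the advisory describes: several XML
# declarations in one document. It is never passed to REXML here.
DOUBLE_DECL_XML = ("<?xml version=\"1.0\"?>\n" * 3) + "<root/>"

if __FILE__ == $0
  puts "REXML #{REXML::VERSION} affected: #{rexml_affected?}"
  puts "good document root: #{parse_untrusted(GOOD_XML).root.name}"
  begin
    parse_untrusted(DOUBLE_DECL_XML)
  rescue ArgumentError => e
    puts "guard: #{e.message}"
  end
end
```

Run it under the same Ruby and Bundler context as the application (`bundle exec ruby check.rb`), since the REXML that matters is the one resolved from the Gemfile.lock, not the copy bundled with the interpreter.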
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruby-Lang | Rexml | >= 3.3.3, < 3.4.2 |
Related Weaknesses (CWE)
References
- Patch: https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23
- Vendor Advisory: https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
FAQ
What is CVE-2025-58767?
CVE-2025-58767 is a vulnerability with a CVSS score of 5.3 (MEDIUM). REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a denial-of-service (DoS) vulnerability when parsing XML that contains multiple XML declarations. Applications that parse untrusted XML with an affected version may be impacted.
How severe is CVE-2025-58767?
CVE-2025-58767 has been rated MEDIUM with a CVSS base score of 5.3/10. Only the base score is listed on this page; see the vendor advisory in the references for the full metric breakdown.
Is there a patch for CVE-2025-58767?
Yes. REXML 3.4.2 or later includes the fix; the patch commit and the vendor advisory are listed in the references section above. Affected product: Ruby-Lang Rexml, versions >= 3.3.3 and < 3.4.2.