REXML can be forced to use excessive CPU when parsing XML files

CVE-2025-10990
Summary

A bug in how REXML parses hex numeric character references (&#x...;) can cause a denial of service through excessive CPU use when a malicious XML document is processed. An attacker can trigger it by sending a specially crafted XML file to a system that parses it with REXML. To protect your system, update to the latest version of REXML.

Original title
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lea...
Original description
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761.
NVD CVSS 3.1: 7.5
Vulnerability type
CWE-1333 Inefficient Regular Expression Complexity (ReDoS)
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026