CVE-2025-58767: CWE-400: Uncontrolled Resource Consumption in ruby rexml
REXML is an XML toolkit for Ruby. REXML gem versions 3.3.3 through 3.4.1 have a DoS vulnerability when parsing XML that contains multiple XML declarations. If you need to parse untrusted XML, you may be affected by this vulnerability. REXML gem 3.4.2 or later includes the patch that fixes it.
AI Analysis
Technical Summary
CVE-2025-58767 is a denial-of-service (DoS) vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) in the REXML gem, the XML parsing toolkit bundled with Ruby. It affects REXML versions 3.3.3 through 3.4.1. The trigger is an XML document that contains more than one XML declaration (the `<?xml ... ?>` prolog, which a well-formed document carries at most once); parsing such input makes REXML consume far more resources (CPU time, and potentially memory) than its size warrants, so the application or service doing the parsing can stall or become unresponsive. Confidentiality and integrity are not affected. The CVSS 4.0 vector records a local attack vector (AV:L), which is the main reason for the low score of 1.2; scoring aside, any code path that hands attacker-supplied XML to a vulnerable REXML version is exposed, whether that XML arrives over the network or from a local file. REXML 3.4.2 contains the fix. No exploitation in the wild has been reported.
Potential Impact
For European organizations, the primary impact is disruption of services that rely on Ruby applications using an affected REXML version to parse XML, above all where the XML comes from untrusted or external sources: web applications and APIs that accept XML request bodies, SOAP or SAML endpoints, feed and import processors, and backend jobs that consume XML data-interchange formats. The vulnerability does not compromise confidentiality or integrity, but the denial-of-service condition can cause outages that affect business continuity and user experience. Organizations with a heavy Ruby footprint, such as fintech, e-commerce and software companies, carry the most operational risk. The low severity and absence of known exploits reduce the immediate threat, but unpatched systems remain exposed wherever XML input is not validated before parsing.
Mitigation Recommendations
European organizations should take the following specific actions to mitigate this vulnerability:
1) Inventory all Ruby applications and services that use the REXML gem, directly or as a transitive dependency (for example via `bundle list` or by searching Gemfile.lock files), and note any installation in the 3.3.3 to 3.4.1 range. Remember that REXML is a bundled gem, so a Ruby installation can carry a vulnerable version even when no Gemfile names it.
2) Upgrade REXML to 3.4.2 or later, which contains the fix, and redeploy.
3) Where untrusted XML is parsed, validate input before it reaches the parser: enforce a size limit and reject documents that contain more than one XML declaration, since a well-formed document has at most one.
4) Apply runtime limits and monitoring to processes that parse XML (CPU and memory limits, request timeouts, worker restarts) so that a pathological document degrades one worker rather than the whole service, and alert on abnormal consumption patterns.
5) For critical systems where upgrading is not immediately feasible, consider an alternative XML parser with hardening options.
6) Track this CVE in vulnerability management and patching workflows so the update is applied on schedule.
7) Review XML parsing code paths during security testing and code review for similar resource-exhaustion risks (entity expansion, deeply nested elements, oversized attributes).
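The two checks that the analysis and the mitigation list above call for, as an added example (this is not code from the advisory or from the REXML project): a version gate for the affected range, and a pre-parse guard that refuses input carrying more than one XML declaration before REXML sees it. The one-megabyte size cap, the `UnsafeXMLInput` error class and the sample documents are assumptions made for the example.

```ruby
require "rexml/document"

# Added example (not part of the advisory or of REXML itself).
# Two defence-in-depth checks for code that must parse untrusted XML with REXML:
#  1. a version gate that flags the affected range 3.3.3..3.4.1, and
#  2. a pre-parse guard that rejects input carrying more than one XML
#     declaration (<?xml ... ?>), the input shape the advisory names.

AFFECTED_RANGE = (Gem::Version.new("3.3.3")..Gem::Version.new("3.4.1"))

# True when the given REXML version string falls inside the affected range.
def affected_rexml_version?(version = REXML::VERSION)
  AFFECTED_RANGE.cover?(Gem::Version.new(version))
end

# Counts tokens that look like an XML declaration. The lookahead keeps
# processing instructions such as <?xml-stylesheet ...?> out of the count,
# since only the PI target "xml" (case-insensitive) is reserved for the
# declaration. Text inside comments or CDATA is deliberately not excluded:
# for untrusted input a false positive (reject) is the safe direction.
def count_xml_declarations(xml)
  xml.scan(/<\?xml(?=[\s?])/i).size
end

class UnsafeXMLInput < StandardError; end

# Rejects oversized input and input with more than one XML declaration
# before REXML ever sees it, then parses. The 1 MiB default is an assumed
# limit for the example, not something the advisory prescribes.
def parse_untrusted_xml(xml, max_bytes: 1 * 1024 * 1024)
  raise UnsafeXMLInput, "input exceeds #{max_bytes} bytes" if xml.bytesize > max_bytes
  n = count_xml_declarations(xml)
  raise UnsafeXMLInput, "#{n} XML declarations found, at most 1 allowed" if n > 1
  REXML::Document.new(xml)
end

if __FILE__ == $PROGRAM_NAME
  puts "REXML #{REXML::VERSION} in affected range: #{affected_rexml_version?}"
  # Constructed sample documents for the demonstration.
  good = %(<?xml version="1.0"?><root><a>1</a></root>)
  bad  = %(<?xml version="1.0"?>) * 3 + "<root/>"
  puts "parsed root element: #{parse_untrusted_xml(good).root.name}"
  begin
    parse_untrusted_xml(bad)
  rescue UnsafeXMLInput => e
    puts "rejected: #{e.message}"
  end
end
```

The guard is a stop-gap, not a substitute for upgrading: it only covers the input shape this advisory describes, and the size cap and declaration count are cheap string checks that run before any parser state is built, which is the point of doing them in front of the parser rather than inside it.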
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Finland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-04T19:18:09.500Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68caf4a946aca7f3592e4643
Added to database: 9/17/2025, 5:49:29 PM
Last enriched: 9/17/2025, 5:49:54 PM
Last updated: 9/17/2025, 6:01:59 PM
Related Threats
- CVE-2025-10604: SQL Injection in PHPGurukul Online Discussion Forum (Medium)
- CVE-2025-59352: CWE-202: Exposure of Sensitive Information Through Data Queries in dragonflyoss dragonfly (Medium)
- CVE-2025-59349: CWE-732: Incorrect Permission Assignment for Critical Resource in dragonflyoss dragonfly (Low)
- CVE-2025-59345: CWE-306: Missing Authentication for Critical Function in dragonflyoss dragonfly (Low)
- CVE-2025-59348: CWE-457: Use of Uninitialized Variable in dragonflyoss dragonfly (Medium)