CVE-2025-27220

EUVD-2025-5509
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
ruby-langcgi
𝑥
< 0.3.5.1
ruby-langcgi
0.4.0 ≤
𝑥
< 0.4.2
ruby-langcgi
0.3.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jruby
bionic
needs-triage
focal
needs-triage
jammy
dne
noble
needs-triage
oracular
ignored
plucky
ignored
questing
ignored
resolute
needs-triage
trusty
needs-triage
xenial
ignored
ruby2.3
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
resolute
dne
xenial
Fixed 2.3.1-2~ubuntu16.04.16+esm10
released
ruby2.5
bionic
Fixed 2.5.1-1ubuntu1.16+esm4
released
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
resolute
dne
ruby2.7
focal
Fixed 2.7.0-5ubuntu1.18
released
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
resolute
dne
ruby3.0
focal
dne
jammy
Fixed 3.0.2-7ubuntu2.10
released
noble
dne
oracular
dne
plucky
dne
questing
dne
resolute
dne
ruby3.2
focal
dne
jammy
dne
noble
Fixed 3.2.3-1ubuntu0.24.04.5
released
oracular
dne
plucky
dne
questing
dne
resolute
dne
ruby3.3
focal
dne
jammy
dne
noble
dne
oracular
Fixed 3.3.4-2ubuntu5.2
released
plucky
Fixed 3.3.7-1ubuntu2
released
questing
Fixed 3.3.7-1ubuntu2
released
resolute
Fixed 3.3.7-1ubuntu2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libruby2_5-2_5
suse enterprise desktop 15 SP6
2.5.9-150000.4.41.1
fixed
suse enterprise desktop 15 SP7
2.5.9-150700.24.3.1
fixed
suse enterprise sap 15 SP3
2.5.9-150000.4.41.1
fixed
suse enterprise sap 15 SP4
2.5.9-150000.4.41.1
fixed
suse enterprise sap 15 SP5
2.5.9-150000.4.41.1
fixed
suse enterprise sap 15 SP6
2.5.9-150000.4.41.1
fixed
suse enterprise sap 15 SP7
2.5.9-150700.24.3.1
fixed
suse enterprise server 15 SP2
2.5.9-150000.4.41.1
fixed
suse enterprise server 15 SP3
2.5.9-150000.4.41.1
fixed
suse enterprise server 15 SP4
2.5.9-150000.4.41.1
fixed
suse enterprise server 15 SP5
2.5.9-150000.4.41.1
fixed
suse enterprise server 15 SP6
2.5.9-150000.4.41.1
fixed
suse enterprise server 15 SP7
2.5.9-150700.24.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ruby
RHEL 9
0:3.0.7-165.el9_5
fixed
ruby-default-gems
RHEL 9
0:3.0.7-165.el9_5
fixed
ruby-devel
RHEL 9
0:3.0.7-165.el9_5
fixed
ruby-doc
RHEL 9
0:3.0.7-165.el9_5
fixed
ruby-libs
RHEL 9
0:3.0.7-165.el9_5
fixed
rubygem-bigdecimal
RHEL 9
0:3.0.0-165.el9_5
fixed
rubygem-bundler
RHEL 9
0:2.2.33-165.el9_5
fixed
rubygem-io-console
RHEL 9
0:0.5.7-165.el9_5
fixed
rubygem-irb
RHEL 9
0:1.3.5-165.el9_5
fixed
rubygem-json
RHEL 9
0:2.5.1-165.el9_5
fixed
rubygem-minitest
RHEL 9
0:5.14.2-165.el9_5
fixed
rubygem-power
RHEL 9
0:1.2.1-165.el9_5
fixed
rubygem-psych
RHEL 9
0:3.3.2-165.el9_5
fixed
rubygem-rake
RHEL 9
0:13.0.3-165.el9_5
fixed
rubygem-rbs
RHEL 9
0:1.4.0-165.el9_5
fixed
rubygem-rdoc
RHEL 9
0:6.3.4.1-165.el9_5
fixed
rubygem-rexml
RHEL 9
0:3.2.5-165.el9_5
fixed
rubygem-rss
RHEL 9
0:0.2.9-165.el9_5
fixed
rubygem-test-unit
RHEL 9
0:3.3.7-165.el9_5
fixed
rubygem-typeprof
RHEL 9
0:0.15.2-165.el9_5
fixed
rubygems
RHEL 9
0:3.2.33-165.el9_5
fixed
rubygems-devel
RHEL 9
0:3.2.33-165.el9_5
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ruby3.2
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-bundled-gems
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-bundled-gems-debuginfo
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-debuginfo
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-debugsource
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-default-gems
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-devel
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-doc
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-libs
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-libs-debuginfo
Amazon Linux 2023
0:3.2.7-183.amzn2023.0.4
fixed
ruby3.2-rubygem-bigdecimal
Amazon Linux 2023
0:3.1.3-183.amzn2023.0.4
fixed
ruby3.2-rubygem-bigdecimal-debuginfo
Amazon Linux 2023
0:3.1.3-183.amzn2023.0.4
fixed
ruby3.2-rubygem-bundler
Amazon Linux 2023
0:2.4.19-183.amzn2023.0.4
fixed
ruby3.2-rubygem-io-console
Amazon Linux 2023
0:0.6.0-183.amzn2023.0.4
fixed
ruby3.2-rubygem-io-console-debuginfo
Amazon Linux 2023
0:0.6.0-183.amzn2023.0.4
fixed
ruby3.2-rubygem-irb
Amazon Linux 2023
0:1.6.2-183.amzn2023.0.4
fixed
ruby3.2-rubygem-json
Amazon Linux 2023
0:2.6.3-183.amzn2023.0.4
fixed
ruby3.2-rubygem-json-debuginfo
Amazon Linux 2023
0:2.6.3-183.amzn2023.0.4
fixed
ruby3.2-rubygem-minitest
Amazon Linux 2023
0:5.25.1-183.amzn2023.0.4
fixed
ruby3.2-rubygem-power_assert
Amazon Linux 2023
0:2.0.3-183.amzn2023.0.4
fixed
ruby3.2-rubygem-psych
Amazon Linux 2023
0:5.0.1-183.amzn2023.0.4
fixed
ruby3.2-rubygem-psych-debuginfo
Amazon Linux 2023
0:5.0.1-183.amzn2023.0.4
fixed
ruby3.2-rubygem-rake
Amazon Linux 2023
0:13.0.6-183.amzn2023.0.4
fixed
ruby3.2-rubygem-rbs
Amazon Linux 2023
0:2.8.2-183.amzn2023.0.4
fixed
ruby3.2-rubygem-rbs-debuginfo
Amazon Linux 2023
0:2.8.2-183.amzn2023.0.4
fixed
ruby3.2-rubygem-rdoc
Amazon Linux 2023
0:6.5.1.1-183.amzn2023.0.4
fixed
ruby3.2-rubygem-rexml
Amazon Linux 2023
0:3.3.9-183.amzn2023.0.4
fixed
ruby3.2-rubygem-rss
Amazon Linux 2023
0:0.3.1-183.amzn2023.0.4
fixed
ruby3.2-rubygem-test-unit
Amazon Linux 2023
0:3.5.7-183.amzn2023.0.4
fixed
ruby3.2-rubygem-typeprof
Amazon Linux 2023
0:0.21.3-183.amzn2023.0.4
fixed
ruby3.2-rubygems
Amazon Linux 2023
0:3.4.19-183.amzn2023.0.4
fixed
ruby3.2-rubygems-devel
Amazon Linux 2023
0:3.4.19-183.amzn2023.0.4
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
ruby
Azure Linux 3.0
0:3.3.5-3.azl3
fixed
CBL-Mariner 2.0
0:3.1.4-9.cm2
fixed