Search for vulnerabilities
Vulnerability details: VCID-gjq7-jc2d-uudy
Vulnerability ID VCID-gjq7-jc2d-uudy
Aliases CVE-2025-27220
GHSA-mhwm-jh88-3gjf
Summary CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1333 Inefficient Regular Expression Complexity
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27220.json
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2025-27220
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2025-27220
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2025-27220
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2025-27220
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2025-27220
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2025-27220
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2025-27220
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2025-27220
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mhwm-jh88-3gjf
cvssv3.1 4.0 https://github.com/ruby/cgi
generic_textual MODERATE https://github.com/ruby/cgi
cvssv3.1 4.0 https://github.com/ruby/cgi/pull/52
generic_textual MODERATE https://github.com/ruby/cgi/pull/52
cvssv3.1 4.0 https://github.com/ruby/cgi/pull/53
generic_textual MODERATE https://github.com/ruby/cgi/pull/53
cvssv3.1 4.0 https://github.com/ruby/cgi/pull/54
generic_textual MODERATE https://github.com/ruby/cgi/pull/54
cvssv3.1 4 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
cvssv3.1 4.0 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
ssvc Track https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
cvssv3.1 4 https://hackerone.com/reports/2890322
cvssv3.1 4.0 https://hackerone.com/reports/2890322
generic_textual MODERATE https://hackerone.com/reports/2890322
ssvc Track https://hackerone.com/reports/2890322
cvssv3.1 4.0 https://nvd.nist.gov/vuln/detail/CVE-2025-27220
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2025-27220
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-27220
cvssv3 4.0 https://www.cve.org/CVERecord?id=CVE-2025-27220
cvssv3.1 4.0 https://www.cve.org/CVERecord?id=CVE-2025-27220
generic_textual MODERATE https://www.cve.org/CVERecord?id=CVE-2025-27220
cvssv3.1 4.0 https://www.ruby-lang.org/en/news/2025/02/26/security-advisories
generic_textual MODERATE https://www.ruby-lang.org/en/news/2025/02/26/security-advisories
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27220.json
https://api.first.org/data/v1/epss?cve=CVE-2025-27220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27220
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ruby/cgi
https://github.com/ruby/cgi/pull/52
https://github.com/ruby/cgi/pull/53
https://github.com/ruby/cgi/pull/54
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
https://hackerone.com/reports/2890322
https://nvd.nist.gov/vuln/detail/CVE-2025-27220
https://www.cve.org/CVERecord?id=CVE-2025-27220
https://www.ruby-lang.org/en/news/2025/02/26/security-advisories
1103793 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103793
2349696 https://bugzilla.redhat.com/show_bug.cgi?id=2349696
GHSA-mhwm-jh88-3gjf https://github.com/advisories/GHSA-mhwm-jh88-3gjf
RHSA-2025:4063 https://access.redhat.com/errata/RHSA-2025:4063
RHSA-2025:4487 https://access.redhat.com/errata/RHSA-2025:4487
RHSA-2025:4488 https://access.redhat.com/errata/RHSA-2025:4488
USN-7418-1 https://usn.ubuntu.com/7418-1/
USN-7442-1 https://usn.ubuntu.com/7442-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27220.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://github.com/ruby/cgi
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://github.com/ruby/cgi/pull/52
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://github.com/ruby/cgi/pull/53
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://github.com/ruby/cgi/pull/54
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:39:36Z/ Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://hackerone.com/reports/2890322
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://hackerone.com/reports/2890322
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:39:36Z/ Found at https://hackerone.com/reports/2890322
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-27220
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-27220
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://www.cve.org/CVERecord?id=CVE-2025-27220
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://www.ruby-lang.org/en/news/2025/02/26/security-advisories
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.32949
EPSS Score 0.00126
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:12:44.486899+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-mhwm-jh88-3gjf/GHSA-mhwm-jh88-3gjf.json 36.1.3