Regular Expression Denial of Service in Ruby's CGI Gem
CVE-2025-27220

4MEDIUM

Key Information:

Vendor: Ruby-lang
Status: Cgi
Vendor: CVE Published:; 4 March 2025

What is CVE-2025-27220?

A Regular Expression Denial of Service (ReDoS) vulnerability is present in the Util#escapeElement method within the CGI gem for Ruby versions prior to 0.4.2. This flaw can be exploited by an attacker to cause significant delays in processing requests, potentially leading to degraded service and application unavailability. The vulnerability arises from insufficiently optimized regular expressions that can be manipulated to consume extensive resources when processing certain inputs.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CGI 0 < 0.3.5.1

CGI 0.3.6 < 0.3.7

CGI 0.4.0 < 0.4.2

References

https://hackerone.com/reports/2890322

https://github.com/rubysec/ruby-advisory-db/blob/master/g...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 4, 2025

JSON

Ruby-lang

What is CVE-2025-27220?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.