{"api_version":"1","generated_at":"2026-07-07T12:18:46+00:00","cve":"CVE-2025-10990","urls":{"html":"https://cve.report/CVE-2025-10990","api":"https://cve.report/api/cve/CVE-2025-10990.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-10990","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-10990"},"summary":{"title":"Rexml: rexml: denial of service via inefficient regex parsing","description":"A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-02-27 14:16:27","updated_at":"2026-06-26 00:16:45"},"problem_types":["CWE-1333","CWE-1333 Inefficient Regular Expression Complexity"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:17606","name":"https://access.redhat.com/errata/RHSA-2025:17606","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:17613","name":"https://access.redhat.com/errata/RHSA-2025:17613","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f","name":"https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398216","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2398216","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/","name":"https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-10990","name":"https://access.redhat.com/security/cve/CVE-2025-10990","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:17693","name":"https://access.redhat.com/errata/RHSA-2025:17693","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m","name":"https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-10990","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10990","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 8","version":"unaffected 0:8.8.1-3.el8sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 8","version":"unaffected 0:8.8.1-3.el8sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 9","version":"unaffected 0:8.8.1-3.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 9","version":"unaffected 0:8.8.1-3.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:8.8.1-3.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","version":"unaffected 0:8.8.1-3.el9sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Satellite Client 6 for RHEL 8","version":"unaffected 0:7.34.0-4.el8sat * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Satellite Client 6 for RHEL 9","version":"unaffected 0:7.34.0-4.el9sat * rpm","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-09-25T00:00:00.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-09-25T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"10990","cve":"CVE-2025-10990","epss":"0.004680000","percentile":"0.370860000","score_date":"2026-06-29","updated_at":"2026-06-30 00:06:53"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-10990","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-02-27T18:43:48.686335Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-27T18:43:57.501Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://www.redhat.com/en/technologies/management/satellite","defaultStatus":"unaffected","packageName":"Red Hat Satellite","versions":[{"status":"unaffected","version":"6.17.5"},{"status":"unaffected","version":"6.16.5.4"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"defaultStatus":"affected","packageName":"puppet-agent","product":"Red Hat Satellite 6.16 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.8.1-3.el8sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"defaultStatus":"affected","packageName":"puppet-agent","product":"Red Hat Satellite 6.16 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.8.1-3.el8sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"defaultStatus":"affected","packageName":"puppet-agent","product":"Red Hat Satellite 6.16 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.8.1-3.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"defaultStatus":"affected","packageName":"puppet-agent","product":"Red Hat Satellite 6.16 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.8.1-3.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9","cpe:/a:redhat:satellite_utils:6.17::el9"],"defaultStatus":"affected","packageName":"puppet-agent","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.8.1-3.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9","cpe:/a:redhat:satellite_utils:6.17::el9"],"defaultStatus":"affected","packageName":"puppet-agent","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.8.1-3.el9sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_satellite_client:6::el8","cpe:/a:redhat:rhel_satellite_client:6::el9"],"defaultStatus":"affected","packageName":"puppet-agent","product":"Satellite Client 6 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.34.0-4.el8sat","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_satellite_client:6::el8","cpe:/a:redhat:rhel_satellite_client:6::el9"],"defaultStatus":"affected","packageName":"puppet-agent","product":"Satellite Client 6 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.34.0-4.el9sat","versionType":"rpm"}]}],"datePublic":"2025-09-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1333","description":"Inefficient Regular Expression Complexity","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-25T23:53:54.096Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:17606","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:17606"},{"name":"RHSA-2025:17613","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:17613"},{"name":"RHSA-2025:17693","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:17693"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-10990"},{"name":"RHBZ#2398216","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398216"},{"url":"https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f"},{"url":"https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m"},{"url":"https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/"}],"timeline":[{"lang":"en","time":"2025-09-25T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-09-25T00:00:00.000Z","value":"Made public."}],"title":"Rexml: rexml: denial of service via inefficient regex parsing","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-1333: Inefficient Regular Expression Complexity"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-10990","datePublished":"2026-02-27T13:32:02.309Z","dateReserved":"2025-09-25T17:30:55.821Z","dateUpdated":"2026-06-25T23:53:54.096Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-02-27 14:16:27","lastModifiedDate":"2026-06-26 00:16:45","problem_types":["CWE-1333","CWE-1333 Inefficient Regular Expression Complexity"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-27T18:43:48.686335Z","id":"CVE-2025-10990","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"10990","Ordinal":"1","Title":"Rexml: rexml: denial of service via inefficient regex parsing","CVE":"CVE-2025-10990","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"10990","Ordinal":"1","NoteData":"A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761.","Type":"Description","Title":"Rexml: rexml: denial of service via inefficient regex parsing"}]}}}