Updated advisory posts against rubysec/ruby-advisory-db@dff94e0

Author: jasnow

advisories/_posts/2025-09-17-CVE-2025-58767.md

@@ -0,0 +1,46 @@
+---
+layout: advisory
+title: 'CVE-2025-58767 (rexml): REXML has DoS condition when parsing malformed XML
+  file'
+comments: false
+categories:
+- rexml
+advisory:
+  gem: rexml
+  cve: 2025-58767
+  ghsa: c2f4-jgmc-q2r5
+  url: https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
+  title: REXML has DoS condition when parsing malformed XML file
+  date: 2025-09-17
+  description: |
+    ### Impact
+
+    The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when
+    parsing XML containing multiple XML declarations. If you need to
+    parse untrusted XMLs, you may be impacted to these vulnerabilities.
+
+    ### Patches
+
+    REXML gems 3.4.2 or later include the patches to fix these vulnerabilities.
+
+    ### Workarounds
+
+    Don't parse untrusted XMLs.
+
+    ### References
+
+    * https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767
+      - An announcement on www.ruby-lang.org
+  cvss_v4: 1.2
+  unaffected_versions:
+  - "< 3.3.3"
+  patched_versions:
+  - ">= 3.4.2"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-58767
+    - https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767
+    - https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
+    - https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23
+    - https://github.com/advisories/GHSA-c2f4-jgmc-q2r5
+---