Platform
c
Component
libxml2
Fixed in
2.12.10
2.13.6
CVE-2025-24928 represents a stack-buffer overflow vulnerability discovered in Nokogiri, a popular Ruby library for parsing HTML and XML. This flaw, originating from an update to the underlying libxml2 library, allows a remote attacker to potentially crash the application by crafting malicious XML input. The vulnerability affects versions of Nokogiri up to and including 1.9.1, with a fix available in version 1.18.3.
The core impact of CVE-2025-24928 lies in the potential for a stack-buffer overflow. An attacker can exploit this by providing specially crafted XML input containing a long QName prefix (approximately 3KB). This input triggers a validation error within libxml2, leading to the overflow. While a full remote code execution (RCE) is not immediately apparent, a crash can disrupt service and potentially lead to denial-of-service (DoS) conditions. The severity is classified as LOW, suggesting the exploitability is somewhat limited, but the potential for application instability remains a concern. Successful exploitation could also reveal information about the system's memory layout, potentially aiding further attacks.
CVE-2025-24928 is not currently listed on the CISA KEV catalog. The EPSS score is likely to be low due to the requirement for specific XML input and the lack of readily available public exploits. While a public proof-of-concept (PoC) is not yet widely available, the vulnerability's presence in a widely used library like Nokogiri warrants attention. The vulnerability was disclosed on February 18, 2025, alongside the release of the patched version.
Applications built with Ruby that rely on Nokogiri for XML or HTML parsing are at risk. This includes web applications, data processing pipelines, and any system that consumes XML from untrusted sources. Specifically, systems using older versions of Nokogiri in production environments are particularly vulnerable.
• ruby / gem: Check the installed Nokogiri version with `gem list nokogiri`. If the version is ≤1.9.1, the system is vulnerable.
• ruby / application: Inspect application logs for errors related to XML parsing or libxml2. Look for stack traces indicating memory corruption.
• generic web: If Nokogiri is used to process user-supplied XML, monitor for unusually large XML requests. Implement rate limiting to prevent excessive requests.
Disclosure
Exploit status
EPSS
0.24% (46th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-24928 is to upgrade Nokogiri to version 1.18.3 or later. This version incorporates the patched libxml2 library, resolving the underlying vulnerability. If an immediate upgrade is not feasible due to compatibility issues, consider implementing input validation to restrict the length of QName prefixes in XML documents processed by Nokogiri. While not a complete solution, this can reduce the attack surface. Web application firewalls (WAFs) configured to detect and block excessively long XML elements could also provide a layer of defense. After upgrading, confirm the fix by attempting to parse a large XML document with a long QName prefix; the application should not crash.
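The two defender-side checks described above (the version check from the detection section and the QName-prefix length limit suggested as a stop-gap mitigation) can be scripted in plain Ruby. The following is an added example, not code from the advisory or from the Nokogiri project. It assumes the fixed Nokogiri release named on this page (1.18.3) and a constructed length cap of 256 characters for QName prefixes; the prefix regex is a deliberately coarse pre-filter over the raw XML text, not a full XML tokenizer, so it may flag "word:word" patterns in text content and should be treated as a conservative gate in front of the real parser rather than a replacement for upgrading.

```ruby
# Added example (not from the advisory or the Nokogiri project).
# Two defender-side checks drawn from the advisory text:
#   1. compare an installed Nokogiri version against the fixed release 1.18.3
#   2. reject XML whose element/attribute QName prefixes exceed a length cap
#      before the document reaches libxml2 (a stop-gap while upgrading)
require "rubygems"

# Fixed Nokogiri release named in the advisory.
FIXED_NOKOGIRI = Gem::Version.new("1.18.3")

# Returns true when version_string is older than the fixed release.
# Gem::Version handles multi-digit components correctly ("1.9.1" < "1.18.3").
def nokogiri_vulnerable?(version_string)
  Gem::Version.new(version_string) < FIXED_NOKOGIRI
end

# Coarse match for the prefix part of a prefixed QName at the start of an
# element name ("<prefix:local") or attribute name (" prefix:attr=").
# Assumption: ASCII name characters only; this is a pre-filter, not a parser.
QNAME_PREFIX_RE = /(?:<|\s)([A-Za-z_][\w.\-]*):[A-Za-z_]/

# Length of the longest QName prefix found in the raw XML text (0 if none).
def longest_qname_prefix(xml)
  xml.scan(QNAME_PREFIX_RE).map { |(prefix)| prefix.length }.max || 0
end

# Gate to run before handing untrusted XML to the parser.
# The 256-character cap is a constructed value; the advisory describes the
# triggering prefix as roughly 3KB, so a much smaller cap still leaves room
# for any realistic namespace prefix.
def xml_prefix_within_limit?(xml, limit: 256)
  longest_qname_prefix(xml) <= limit
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs: one benign document, one with a 3000-char prefix.
  benign = '<r xmlns:abc="urn:x"><abc:item/></r>'
  oversized = "<" + ("a" * 3000) + ":x/>"

  puts "1.18.2 vulnerable? #{nokogiri_vulnerable?('1.18.2')}"
  puts "1.18.3 vulnerable? #{nokogiri_vulnerable?('1.18.3')}"
  puts "benign longest prefix: #{longest_qname_prefix(benign)}"
  puts "oversized accepted? #{xml_prefix_within_limit?(oversized)}"
end
```

Run the gate on the raw request body before calling the Nokogiri parser; a rejected document should be logged with its longest prefix length, which also gives the "unusually large XML request" signal the detection section asks for.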
Update the libxml2 library to version 2.12.10 or later, or to version 2.13.6 or later, as applicable. This resolves the stack-based buffer overflow vulnerability. Ensure that DTD validation is performed only on trusted documents and DTDs.
CVE-2025-24928 is a stack-buffer overflow vulnerability in Nokogiri versions up to 1.9.1, caused by a flaw in the updated libxml2 library. An attacker can trigger this by providing malicious XML input.
Yes, if you are using Nokogiri version 1.9.1 or earlier, you are affected by this vulnerability. Check your version with gem list nokogiri.
Upgrade Nokogiri to version 1.18.3 or later. This version includes the necessary fix for the underlying libxml2 vulnerability.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's presence in a widely used library warrants vigilance.
Refer to the Nokogiri project's release notes and security advisories on their website or GitHub repository for the latest information.