CVE-2025-27219

Published Mar 4, 2025

Last updated a month ago

CVSS medium 5.8

Overview

Description
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
Source
cve@mitre.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-770
nvd@nist.gov
CWE-770

Social media

Hype score
Not currently trending

  1. CVE-2025-27219 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not … https://t.co/8Be7aTvUKT

    @CVEnew

    7 Mar 2025

    220 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Lambda Watchdog detected a new MEDIUM severity CVE 🚨 CVE-2025-27219 was detected in the latest AWS Lambda image scan affecting the cgi package in 2 images. Check the full report 👉 https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless

    @LambdaWatchdog

    4 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔴 CGI, Denial of Service (DoS), #CVE-2025-27219 (High) https://t.co/BWLANoW7Jt

    @dailycve

    3 Mar 2025

    19 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Ruby News ➜ Security advisories: CVE-2025-27219, CVE-2025-27220 and CVE-2025-27221 https://t.co/lhGgOXB5Hx

    @rubylandnews

    26 Feb 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References