CVE-2025-10990

CVE-2025-10990 PUBLISHED CVSS 7.5 HIGH

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761.

EPSS 0.17% · 37.6th percentile

Risk Scores

CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.17% (37.6th percentile)

Affected Products

Vendor | Product | Versions
Red Hat | Satellite Client 6 for RHEL 8 | *, 0:7.34.0-4.el8sat, *
Red Hat | Red Hat Satellite 6.16 for RHEL 8 | 0:8.8.1-3.el8sat, *, 0:8.8.1-3.el8sat
 | | 6.16.5.4, 6.16.5.4, 6.17.5
Red Hat | Satellite Client 6 for RHEL 9 | 0:7.34.0-4.el9sat, 0:7.34.0-4.el9sat, 0:7.34.0-4.el9sat
Red Hat | Red Hat Satellite 6.16 for RHEL 9 | 0:8.8.1-3.el9sat, *, 0:8.8.1-3.el9sat
Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:8.8.1-3.el9sat, 0:8.8.1-3.el9sat, *

Timeline

  • Feb 27, 2026 CVE Published
  • Feb 28, 2026 EPSS Score
  • Feb 28, 2026 PoC Published
  • Mar 1, 2026 EPSS Score
  • Mar 2, 2026 CVE Updated
  • Mar 2, 2026 Distribution Patch
  • Mar 2, 2026 Distribution Patch
  • Mar 2, 2026 Distribution Patch
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 3, 2026 EPSS Score