Security Advisory

CVE-2025-10990

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-27 13:32:02
Last updated 2026-06-25 23:53:54
Assigner redhat
State PUBLISHED

Description

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761.