CVE-2025-27219: CGI has Denial of Service (DoS) potential in Cookie.parse
There is a possibility of DoS in Cookie.parse in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem.
References
- github.com/advisories/GHSA-gh9q-2xrm-x6qv
- github.com/ruby/cgi
- github.com/ruby/cgi/pull/52
- github.com/ruby/cgi/pull/53
- github.com/ruby/cgi/pull/54
- github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml
- hackerone.com/reports/2936778
- nvd.nist.gov/vuln/detail/CVE-2025-27219
- www.cve.org/CVERecord?id=CVE-2025-27219