CVE-2025-27788
Out-of-bounds Read in Ruby JSON Parser
Severity: HIGH 7.5 | EPSS: 0.16%
Published: 3/12/2025 | Modified: 2/4/2026
Description
### Impact
A specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not.
### Patches
Version 2.10.2 fixes the problem.
### Workarounds
None.
Affected packages (1)
- RubyGems/json >= 2.10.0, < 2.10.2
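As an added example (not part of this advisory or of the ruby/json project), a Ruby script that checks both a Gemfile.lock pin and the json gem loaded into the running process against the affected range stated above. It assumes the standard Bundler lockfile layout, and the sample lockfile fragment is constructed for the demonstration.

```ruby
require "rubygems"
require "json"

# Affected range as stated in this advisory: RubyGems/json >= 2.10.0, < 2.10.2.
AFFECTED_JSON = Gem::Requirement.new(">= 2.10.0", "< 2.10.2")

# True when the given version string falls inside the affected range.
def json_version_affected?(version)
  AFFECTED_JSON.satisfied_by?(Gem::Version.new(version))
end

# Extracts the pinned json version from Gemfile.lock text, or nil if the gem
# is not listed. Assumes the standard Bundler "specs:" layout, where each
# resolved gem appears indented by four spaces, e.g. "    json (2.10.1)".
def locked_json_version(lockfile_text)
  m = lockfile_text.match(/^ {4}json \(([^)\s]+)\)\s*$/)
  m && m[1]
end

# Audits lockfile text and returns a hash summarising the finding.
def audit_lockfile(lockfile_text)
  version = locked_json_version(lockfile_text)
  return { found: false, version: nil, affected: false } unless version
  { found: true, version: version, affected: json_version_affected?(version) }
end

# Audits the json gem loaded into this Ruby process via JSON::VERSION.
def audit_runtime
  { version: JSON::VERSION, affected: json_version_affected?(JSON::VERSION) }
end

# Constructed sample lockfile fragment (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      json (2.10.1)
      rake (13.2.1)
LOCK

if __FILE__ == $0
  lock = audit_lockfile(SAMPLE_LOCK)
  puts "Gemfile.lock: json #{lock[:version].inspect} affected=#{lock[:affected]}"
  rt = audit_runtime
  puts "runtime: json #{rt[:version]} affected=#{rt[:affected]}"
end
```

Point `audit_lockfile` at the contents of a real Gemfile.lock to check a project; an `affected: true` result means the fix is to move the pin to 2.10.2 or later, since the advisory lists no workaround.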
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-27788
- PATCH: https://github.com/ruby/json
- WEB: https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf
- WEB: https://github.com/ruby/json/releases/tag/v2.10.2
- WEB: https://github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44
- WEB: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2025-27788.yml