7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-27788

GHSA ID

GHSA-9m3q-rhmv-5q44

EPSS Score

0.30098%

CWE

CWE-125

Published

3/12/2025

Updated

3/13/2025

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-27788

CVE-2025-27788: Out-of-bounds Read in Ruby JSON Parser

Impact

A specially crafted document could cause an out of bound read, most likely resulting in a crash.

Versions 2.10.0 and 2.10.1 are impacted. Older versions are not.

Patches

Version 2.10.2 fixes the problem.

Workarounds

None.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-27788

CVE-2025-27788:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-27788

GHSA ID

GHSA-9m3q-rhmv-5q44

EPSS Score

0.30098%

CWE

CWE-125

Published

3/12/2025

Updated

3/13/2025

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
json	rubygems	>= 2.10.0, <= 2.10.1	2.10.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows a critical boundary check addition in json_string_unescape function. The original code used 'while ((pe = memchr(...)))' without validating 'pe' stays within 'stringEnd'. The patch adds 'pe < stringEnd' check to prevent OOB read. This matches the CWE-125 description and advisory's focus on unescape handling. No other code changes were made in the security-relevant commit.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-27788: Out-of-bounds Read in Ruby JSON Parser

Impact

Patches

Workarounds

CVE-2025-27788:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-27788: Out-of-bounds Read in Ruby JSON Parser

Impact

Patches

Workarounds

7.5

7.5

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI