Description

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761.

INFO

Published Date :

2026-02-27T13:32:02.309Z

Last Modified :

2026-02-27T18:43:57.501Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-10990 vulnerability.

Vendors Products
Redhat
  • Rhel Satellite Client
  • Satellite
  • Satellite Capsule
  • Satellite Utils
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10990.

URL Resource
https://access.redhat.com/errata/RHSA-2025:17606 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:17613 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:17693 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-49761 cve-icon
https://access.redhat.com/security/cve/CVE-2025-10990 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2398216 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-10990 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49761 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-10990 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact