Guidance for Patch or Update for CVE-2025-58767 in Live Site Recovery

Article ID: 418513


Products

VMware Live Recovery

Issue/Introduction

Vulnerability Details

  • CVE Identifier: CVE-2025-58767

  • Vulnerability Description: CVE-2025-58767 is a Denial of Service (DoS) vulnerability in the REXML library, which Live Site Recovery uses to process XML data. An attacker can exploit this flaw by sending a specially formatted XML document that causes the application to consume excessive resources (CPU/memory), leading to unresponsiveness and service disruption.

  • Severity: CVE-2025-58767 is typically rated Medium or Moderate severity.

Environment

Live Site Recovery 9.X

Resolution

The vulnerability is addressed in the underlying Ruby package version ruby-3.4.7-2.ph5 (or later). This specific package update is automatically applied when upgrading to Live Site Recovery version 9.0.5.
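
To confirm that an appliance already carries the fixed build, the following check compares the installed Ruby package against ruby-3.4.7-2.ph5. It is an added example, not a script from the product or from this article's author. It assumes shell access to the appliance, that the package is registered in the RPM database under the name `ruby`, and that `sort -V` is available; the ordering approximates RPM's own version comparison.

```shell
#!/bin/sh
# Fixed package build named in the Resolution section of this article.
FIXED_EVR="3.4.7-2.ph5"

# Return 0 when version-release $1 is equal to or newer than $2.
# Uses version-aware sorting, so 3.4.10 ranks above 3.4.7 and -10 above -2.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Map an installed version-release string to a verdict.
# An empty string means the package could not be queried.
classify_ruby() {
    if [ -z "$1" ]; then
        echo "UNKNOWN"
    elif evr_at_least "$1" "$FIXED_EVR"; then
        echo "PATCHED"
    else
        echo "VULNERABLE"
    fi
}

# Read version-release from the local RPM database.
# Assumption: the package name is "ruby"; fails if it is not installed.
installed_ruby_evr() {
    out=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' ruby 2>/dev/null) || return 1
    printf '%s\n' "$out" | head -n 1
}

# Run the host check only when asked, e.g.: sh check_ruby.sh --check
if [ "${1:-}" = "--check" ]; then
    evr=$(installed_ruby_evr) || evr=""
    echo "ruby ${evr:-not found}: $(classify_ruby "$evr") (fixed in $FIXED_EVR)"
fi
```

A VULNERABLE or UNKNOWN result means the appliance should be upgraded to Live Site Recovery 9.0.5 as described above.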