CVE-2025-27788

High

Published: 12 March 2025

Published

12 March 2025

Modified

02 April 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0016 36.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27788 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Ruby-Lang Javascript Object Notation. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 36.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). AI-specific risk: MITRE ATLAS External Harms (AML.T0048). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of flaws such as the out-of-bounds read in Ruby JSON versions 2.10.0 to <2.10.2 by applying the patch in version 2.10.2.

SI-5 Security Alerts, Advisories, and Directives good match

preventdetect

Ensures receipt and dissemination of security advisories like GHSA-9m3q-rhmv-5q44, enabling prompt awareness and patching of the vulnerable Ruby JSON library.

SI-10 Information Input Validation partial match

prevent

Validates untrusted JSON inputs prior to parsing to block specially crafted documents that trigger the out-of-bounds read vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Out-of-bounds read in Ruby JSON parser exploitable remotely (AV:N/AC:L/PR:N/UI:N) causes application crash, enabling endpoint DoS via application exploitation.

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

NVD Description

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable.…

Version 2.10.2 fixes the problem. No known workarounds are available.

Deeper analysisAI

CVE-2025-27788 is an out-of-bounds read vulnerability (CWE-125) in the Ruby JSON library, a JSON implementation for Ruby. It affects versions starting from 2.10.0 up to but not including 2.10.2, where a specially crafted JSON document can trigger the issue, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), making it remotely exploitable over a network with low attack complexity, no required privileges or user interaction, and unchanged scope. Remote attackers can achieve denial of service by causing crashes in applications that parse untrusted JSON input using the affected library, with high impact on availability but no impact on confidentiality or integrity.

The vulnerability is addressed in Ruby JSON version 2.10.2, which includes the necessary fix. No known workarounds are available. Relevant resources include the security advisory at https://github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44, the fixing commit at https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf, and the release page at https://github.com/ruby/json/releases/tag/v2.10.2.