diff --git a/rubies/mruby/CVE-2025-7207.yml b/rubies/mruby/CVE-2025-7207.yml
new file mode 100644
index 0000000000..d8f1aaf479
--- /dev/null
+++ b/rubies/mruby/CVE-2025-7207.yml
@@ -0,0 +1,36 @@
+---
+engine: mruby
+cve: 2025-7207
+ghsa: 48pr-6hvf-39v3
+url: https://nvd.nist.gov/vuln/detail/CVE-2025-7207
+title: Heap-based buffer overflow vulnerability in mruby 3.4.0-rc2
+date: 2025-07-08
+description: |
+ A vulnerability, which was classified as problematic, was found
+ in mruby up to 3.4.0-rc2. Affected is the function scope_new of
+ the file mrbgems/mruby-compiler/core/codegen.c of the component
+ nregs Handler. The manipulation leads to heap-based buffer overflow.
+ An attack has to be approached locally. The exploit has been
+ disclosed to the public and may be used. The name of the patch
+ is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended
+ to apply a patch to fix this issue.
+
+ ## RELEASE NOTES
+ - Found Issue #6509 listed in **unreleased** mruby 3.5 NEWS.md
+ file listed below.
+cvss_v2: 1.7
+cvss_v3: 5.5
+cvss_v4: 4.4
+notes: "Never patched - mruby 3.5.0 has not be released as 1/23/2026."
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-7207
+ - https://github.com/mruby/mruby/blob/master/NEWS.md
+ - https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9
+ - https://github.com/mruby/mruby/issues/6509#event-17145516649
+ - https://github.com/mruby/mruby/issues/6509
+ - https://vuldb.com/?ctiid.315156
+ - https://vuldb.com/?id.315156
+ - https://vuldb.com/?submit.607683
+ - https://www.wiz.io/vulnerability-database/cve/cve-2025-7207
+ - https://github.com/advisories/GHSA-48pr-6hvf-39v3
diff --git a/rubies/ruby/CVE-2024-27282.yml b/rubies/ruby/CVE-2024-27282.yml
deleted file mode 100644
index d4a9f581f8..0000000000
--- a/rubies/ruby/CVE-2024-27282.yml
+++ /dev/null
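Review bot: The `notes:` line ("Never patched - mruby 3.5.0 has not be released as 1/23/2026.") contradicts the description a few lines above, which names fix commit 1fdd96104180cc0fb5d3cb086b05ab6458911bb9; the accurate state is fixed-in-source but not in any release, and a reader deciding whether to backport the commit needs that distinction. Suggest `notes: "Fixed by commit 1fdd96104180cc0fb5d3cb086b05ab6458911bb9 on master; no mruby release contains it as of 2026-01-23."`, which also fixes the grammar and uses the ISO date form the rest of the file uses. Because the entry carries no `patched_versions` key (compare the deleted rubies/ruby/CVE-2024-27282.yml in this same commit), version-matching tooling will treat every mruby version as affected, which is presumably intended here but is worth stating in the note rather than leaving implied. The "## RELEASE NOTES" stanza inside the `description: |` block is curator commentary rather than vulnerability description and reads better folded into `notes:`; the `title` also names only 3.4.0-rc2 while the description says "up to 3.4.0-rc2", so the title could say "mruby <= 3.4.0-rc2".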
@@ -1,22 +0,0 @@
----
-engine: ruby
-cve: 2024-27282
-url: https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
-title: Arbitrary memory address read vulnerability with Regex search
-date: 2024-04-23
-description: |
- If attacker-supplied data is provided to the Ruby regex compiler, it is
- possible to extract arbitrary heap data relative to the start of the text,
- including pointers and sensitive strings.
-
- We recommend to update the Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby series, you may update as follows instead:
-
- * For Ruby 3.0 users: Update to 3.0.7
- * For Ruby 3.1 users: Update to 3.1.5
- * For Ruby 3.2 users: Update to 3.2.4
- * For Ruby 3.3 users: Update to 3.3.1
-patched_versions:
- - "~> 3.0.7"
- - "~> 3.1.5"
- - "~> 3.2.4"
- - ">= 3.3.1"