diff --git a/ci/ios/upload-vm/osv-scanner.toml b/ci/ios/upload-vm/osv-scanner.toml
new file mode 100644
index 000000000000..6d05cc1f49b4
--- /dev/null
+++ b/ci/ios/upload-vm/osv-scanner.toml
@@ -0,0 +1,8 @@
+# Entire package ignored since there is a constant stream of newly found regular expression attacks.
+# All of these attacks rely on the input being malicious. We only use this package in our trusted
+# build environment with trusted inputs.
+[[PackageOverrides]]
+effectiveUntil = 2025-05-01 # Ignored for 6 months at a time, it is unlikely to be an issue.
+ignore = true
+name = "rexml"
+reason = "The XML payload is generated by Apple tooling which we trust"
\ No newline at end of file
diff --git a/ios/osv-scanner.toml b/ios/osv-scanner.toml
new file mode 100644
index 000000000000..6d05cc1f49b4
--- /dev/null
+++ b/ios/osv-scanner.toml
@@ -0,0 +1,8 @@
+# Entire package ignored since there is a constant stream of newly found regular expression attacks.
+# All of these attacks rely on the input being malicious. We only use this package in our trusted
+# build environment with trusted inputs.
+[[PackageOverrides]]
+effectiveUntil = 2025-05-01 # Ignored for 6 months at a time, it is unlikely to be an issue.
+ignore = true
+name = "rexml"
+reason = "The XML payload is generated by Apple tooling which we trust"
\ No newline at end of file
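Review bot: The `ignore = true` override suppresses every advisory for `rexml`, while the header comment only justifies ignoring regular-expression (ReDoS) findings on attacker-controlled input, so any future non-ReDoS advisory for the gem would be silenced by the same entry and nothing but the `effectiveUntil` date would bring it back. The entry is also keyed on `name` alone; adding `ecosystem = "RubyGems"` next to `name = "rexml"` keeps it from matching a same-named package from another ecosystem should one ever land in a scanned lockfile, and, if the osv-scanner version in use supports per-advisory `[[IgnoredVulns]]` entries, those would keep the suppression aligned with the stated rationale. At minimum the scope should be stated in the header, e.g. `# NOTE: this ignores ALL rexml advisories, not only ReDoS ones; re-check the rationale each time effectiveUntil is extended.` The same entry is duplicated verbatim in ios/osv-scanner.toml in the second hunk, and the note applies there too.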