Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-40909

Summary
Assigner-CPANSec
Assigner Org ID-9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At-30 May, 2025 | 12:20
Updated At-03 Nov, 2025 | 18:09
Rejected At-
Credits

Perl threads have a working directory race condition where file operations may target unintended paths

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CPANSec
Assigner Org ID:9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At:30 May, 2025 | 12:20
Updated At:03 Nov, 2025 | 18:09
Rejected At:
▼CVE Numbering Authority (CNA)
Perl threads have a working directory race condition where file operations may target unintended paths

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

Affected Products
Vendor
perl
Product
perl
Collection URL
https://cpan.org/modules
Package Name
perl
Repo
https://github.com/perl/perl5
Program Routines
  • threads
Default Status
unaffected
Versions
Affected
  • From 5.13.6 before 5.41.13 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-689CWE-689 Permission Race Condition During Resource Copy
CWECWE-426CWE-426 Untrusted Search Path
Type: CWE
CWE ID: CWE-689
Description: CWE-689 Permission Race Condition During Resource Copy
Type: CWE
CWE ID: CWE-426
Description: CWE-426 Untrusted Search Path
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update perl to an unaffected version, or apply the patch provided in the references section.

Configurations
Workarounds
Exploits
Credits
finder
Vincent Lefevre
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch
patch
https://www.openwall.com/lists/oss-security/2025/05/22/2
mailing-list
exploit
https://github.com/Perl/perl5/issues/23010
issue-tracking
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226
related
https://github.com/Perl/perl5/issues/10387
related
https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads
related
https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e
related
Hyperlink: https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch
Resource:
patch
Hyperlink: https://www.openwall.com/lists/oss-security/2025/05/22/2
Resource:
mailing-list
exploit
Hyperlink: https://github.com/Perl/perl5/issues/23010
Resource:
issue-tracking
Hyperlink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226
Resource:
related
Hyperlink: https://github.com/Perl/perl5/issues/10387
Resource:
related
Hyperlink: https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads
Resource:
related
Hyperlink: https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e
Resource:
related
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2025/05/23/1
N/A
http://www.openwall.com/lists/oss-security/2025/05/30/4
N/A
http://www.openwall.com/lists/oss-security/2025/06/02/2
N/A
http://www.openwall.com/lists/oss-security/2025/06/02/5
N/A
http://www.openwall.com/lists/oss-security/2025/06/02/6
N/A
http://www.openwall.com/lists/oss-security/2025/06/02/7
N/A
http://www.openwall.com/lists/oss-security/2025/06/03/1
N/A
http://seclists.org/fulldisclosure/2025/Sep/55
N/A
http://seclists.org/fulldisclosure/2025/Sep/54
N/A
http://seclists.org/fulldisclosure/2025/Sep/53
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/05/23/1
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/05/30/4
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/02/2
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/02/5
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/02/6
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/02/7
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/03/1
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Sep/55
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Sep/54
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Sep/53
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At:30 May, 2025 | 13:15
Updated At:03 Nov, 2025 | 19:15

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-426Secondary9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE-689Secondary9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE ID: CWE-426
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE ID: CWE-689
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=10982269b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e9b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch9b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
https://github.com/Perl/perl5/issues/103879b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
https://github.com/Perl/perl5/issues/230109b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads9b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
https://www.openwall.com/lists/oss-security/2025/05/22/29b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
http://seclists.org/fulldisclosure/2025/Sep/53af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2025/Sep/54af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2025/Sep/55af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2025/05/23/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2025/05/30/4af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2025/06/02/2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2025/06/02/5af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2025/06/02/6af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2025/06/02/7af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2025/06/03/1af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://github.com/Perl/perl5/issues/10387
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://github.com/Perl/perl5/issues/23010
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://www.openwall.com/lists/oss-security/2025/05/22/2
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Sep/53
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Sep/54
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Sep/55
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/05/23/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/05/30/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/02/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/02/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/02/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/02/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/03/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found