CVE Vulnerability Details: CVE-2025-40911
PUBLISHED
Assigner: CPANSec
Assigner Org ID: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At: 27 May, 2025 | 21:17
Updated At: 28 May, 2025 | 13:56
▼CVE Numbering Authority (CNA)
Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation. Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability, CVE-2021-47154.

Affected Products
Vendor: RRWO
Product: Net::CIDR::Set
Collection URL: https://cpan.org/modules
Package Name: Net-CIDR-Set
Repo: https://github.com/robrwo/perl-Net-CIDR-Set
Default Status: unaffected
Versions
Affected
  • From 0.10 through 0.13 (custom)
Problem Types
Type: CWE
CWE ID: CWE-1287
Description: CWE-1287 Improper Validation of Specified Type of Input
Solutions

Update to version 0.14, or apply the patch provided by the module author.

References
Hyperlink: https://metacpan.org/release/RRWO/Net-CIDR-Set-0.14/changes
Resource: release-notes
Hyperlink: https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a.patch
Resource: patch
Hyperlink: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
Resource: related
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Metrics
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N