THREATINT
PUBLISHED

CVE-2025-30672

Mite for Perl generates code with an untrusted search path vulnerability



Description

Mite for Perl before 0.013000 generates code that adds the current working directory ('.') to the @INC path, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself and other distributions that contain code generated by Mite.

Reserved 2025-03-24 | Published 2025-04-01 | Updated 2025-04-01 | Assigner CPANSec

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status: unaffected

Any version before 0.013000: affected

References

metacpan.org/release/TOBYINK/Mite-0.013000/changes release-notes

wiki.gentoo.org/wiki/Project:Perl/Dot-In-INC-Removal related

perldoc.perl.org/perlrun related

blogs.perl.org/...o/2016/11/what-happened-to-dot-in-inc.html related

cve.org (CVE-2025-30672)

nvd.nist.gov (CVE-2025-30672)
