
Description

YAML-LibYAML for Perl prior to 0.903.0 uses the 2-argument form of open, allowing existing files to be modified

PUBLISHED Reserved 2025-04-16 | Published 2025-06-01 | Updated 2025-06-02 | Assigner CPANSec

Problem types

CWE-552 Files or Directories Accessible to External Parties

Product status

Default status: unaffected

Any version before 0.903.0: affected

Credits

@shlomif (Shlomi Fish) finder

References

github.com/ingydotnet/yaml-libyaml-pm/issues/120 issue-tracking

github.com/ingydotnet/yaml-libyaml-pm/pull/121 patch

github.com/ingydotnet/yaml-libyaml-pm/pull/122 patch

cve.org (CVE-2025-40908)

nvd.nist.gov (CVE-2025-40908)
