- Description
- Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, and that change is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6.
- Source
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 3.4
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- CWE-362
ALAS-2025-1981 (important): perl #CVE-2025-40909 #AWS https://t.co/jGa38TowKu
@WhatsNewWithAWS
27 Jun 2025
🚨 Perl Security Patch Alert: CVE-2025-40909 affects openSUSE/SLE systems Moderate risk DoS vuln in dir handling 🔧 Impacts Leap 15.3-15.6, SLE Micro 5.x 📌 Patch now: zypper in -t patch [version-specific] Read more: 👉 https://t.co/KhhNSOgnst #CyberSecurity #Linux #D
@Cezar_H_Linux
19 Jun 2025
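A new vulnerability (CVE-2025-40909) has been discovered in Perl's thread mechanism. Because the working directory is temporarily changed at thread creation, other threads can observe and interfere with that change, and unintended file operations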
@yousukezan
31 May 2025
CVE-2025-40909 Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process… https://t.co/HJ5DKrrYu9
@CVEnew
30 May 2025
CVE-2025-40909: Perl 5.40 dir dup bug with threading https://t.co/AJWWQz3nEX Since 2010, under some conditions, Perl temporarily changes the current directory at thread creation, which affects other threads. Test shows that arbitrary code execution is a possible consequence.
@oss_security
23 May 2025