CVE-2025-40908

Опубликовано: 01 июн. 2025

Источник: redhat

CVSS3: 7.7

EPSS Низкий

Описание

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification of files.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 8	perl-YAML-LibYAML	Affected
Red Hat Enterprise Linux 9	perl-YAML-LibYAML	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-552

https://bugzilla.redhat.com/show_bug.cgi?id=2369630yaml-libyaml: LibYAML Perl File Modification Vulnerability

EPSS

Процентиль: 11%

0.00038

Низкий

7.7 High

CVSS3

Связанные уязвимости

CVE-2025-40908

CVSS3: 9.1

ubuntu

20 дней назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

CVE-2025-40908

CVSS3: 9.1

nvd

20 дней назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

CVE-2025-40908

CVSS3: 9.1

debian

20 дней назад

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing exis ...

SUSE-SU-2025:01886-1

suse-cvrf

10 дней назад

Security update for perl-YAML-LibYAML

SUSE-SU-2025:01885-1

suse-cvrf

10 дней назад

Security update for perl-YAML-LibYAML

EPSS

Процентиль: 11%

0.00038

Низкий

7.7 High

CVSS3