Severity: 5.9 MEDIUM (NVD)
EPSS: 0.0% (top 90.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 30
Latest update: Sep 15

Description

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.5 | Impact: 3.4

Affected Packages (2 packages)

CVEListV5 | perl/perl | 5.13.6 | 5.41.13
Debian | perl/perl | < 5.36.0-7+deb12u3 | +2

🔴 Vulnerability Details (3)

CVEList: Perl threads have a working directory race condition where file operations may target unintended paths (2025-05-30)
GHSA: GHSA-jpf5-526x-c5hw: Perl threads have a working directory race condition where file operations may target unintended paths (2025-05-30)
OSV: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths (2025-05-30)

📋 Vendor Advisories (7)

Apple: CVE-2025-40909: macOS Sonoma 14.8 (2025-09-15)
Apple: CVE-2025-40909: macOS Tahoe 26 (2025-09-15)
Apple: CVE-2025-40909: macOS Sequoia 15.7 (2025-09-15)
Ubuntu: Perl vulnerability (2025-07-29)
Red Hat: perl: Perl threads have a working directory race condition where file operations may target unintended paths (2025-05-30)

💬 Community (1)

Bugzilla: CVE-2025-40909 perl: Perl threads have a working directory race condition where file operations may target unintended paths (2025-05-30)