CPANSA-perl-2025-40909: perl vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2025-05-30T00:00:00	Engine	CSAF Perl Toolkit 0.26
Current release date	2025-05-30T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	5.9	Severity
Original language		Language	en
Also referred to

Vulnerability Description

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to cloneÂ that handle for the new thread, which is visible from any third (orÂ more) thread already running. This may lead to unintended operationsÂ such as loading code or accessing files from unexpected locations,Â which a local attacker may be able to exploit. The bug was introduced in commitÂ 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

Vulnerabilities

CVE-2025-40909

Vulnerability Description

Perl threads have a working directory race condition where file operations may target unintended paths.

If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running.

This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit.

The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

Weakness	CWE-362 : Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Product status

Known affected

Product

Score

perl greater than or equal 5.16.3 and less than 5.38.5

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	5.9	Medium

perl greater than or equal 5.40.0 and less than 5.40.3

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	5.9	Medium

perl greater than or equal 5.41.0 and less than 5.41.13

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	5.9	Medium

Fixed

perl greater than or equal 5.41.13
perl greater than or equal 5.38.5 and less than 5.40.0
perl greater than or equal 5.40.3

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-perl-2025-40909 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2025/cpansa-perl-2025-40909.json
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 external
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226
https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e external
https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e
https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch external
https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch
https://github.com/Perl/perl5/issues/10387 external
https://github.com/Perl/perl5/issues/10387
https://github.com/Perl/perl5/issues/23010 external
https://github.com/Perl/perl5/issues/23010
https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads external
https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads
https://www.openwall.com/lists/oss-security/2025/05/22/2 external
https://www.openwall.com/lists/oss-security/2025/05/22/2
http://www.openwall.com/lists/oss-security/2025/05/23/1 external
http://www.openwall.com/lists/oss-security/2025/05/23/1
http://www.openwall.com/lists/oss-security/2025/05/30/4 external
http://www.openwall.com/lists/oss-security/2025/05/30/4
CVE-2025-40909 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2025-40909

Revision history

Version	Date of the revision	Summary of the revision
1	Fri May 30 00:00:00 2025	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/