Home > Vulnerability Database > CVE-2025-30672

Mend.io Vulnerability Database

CVE-2025-30672

Good to know:

Date: March 31, 2025

Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.

Severity Score

6.5

Related Resources (6)

Url: https://wiki.gentoo.org/wiki/Project:Perl/Dot-In-INC-Removal

Url: https://metacpan.org/release/TOBYINK/Mite-0.013000/changes

Url: https://perldoc.perl.org/perlrun#PERL_USE_UNSAFE_INC

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30672

Url: https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html

Url: https://www.mend.io/vulnerability-database/CVE-2025-30672

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Search Path Element

CWE-427

Top Fix

Upgrade Version

Upgrade to version https://github.com/tobyink/p5-mite.git - 0.013000

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30672

Good to know:

Date: March 31, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?