CVE-2025-3051
📋 TL;DR
This vulnerability in Linux::Statm::Tiny for Perl allows untrusted code from the current working directory to be loaded due to insecure module loading. Attackers who can place malicious files in the current working directory may achieve arbitrary code execution. Systems using affected versions of Linux::Statm::Tiny are vulnerable.
💻 Affected Systems
- Linux::Statm::Tiny for Perl
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution with the privileges of the Perl process, potentially leading to full system compromise.
Likely Case
Local privilege escalation or unauthorized code execution when attackers have write access to directories where Perl scripts run.
If Mitigated
No impact if proper directory permissions prevent untrusted file placement or if the vulnerability is patched.
🎯 Exploit Status
Similar to CVE-2016-1238 exploitation patterns.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.0701
Vendor Advisory: https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0701/changes
Restart Required: No
Instructions:
1. Update Linux::Statm::Tiny to version 0.0701 or later using CPAN:
cpan Linux::Statm::Tiny
2. Verify the update (single quotes keep the shell from expanding the Perl variable):
perl -MLinux::Statm::Tiny -e 'print $Linux::Statm::Tiny::VERSION'
🔧 Temporary Workarounds
Remove '.' from @INC
All platforms: Modify Perl scripts to remove the current directory from the module search path. Add this line near the top of your_script.pl, before any modules are loaded:
BEGIN { @INC = grep { $_ ne "." } @INC }
Restrict directory permissions
Linux: Ensure the current working directory has proper permissions to prevent untrusted file placement.
chmod 755 /path/to/directory
chown root:root /path/to/directory
🧯 If You Can't Patch
- Run Perl scripts from directories with strict write permissions (e.g., owned by root, not writable by others).
- Use Perl's -T (taint mode) flag to enhance security when handling untrusted data.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of Linux::Statm::Tiny with the command below; if the version is less than 0.0701, it's vulnerable.
Check Version:
perl -MLinux::Statm::Tiny -e 'print $Linux::Statm::Tiny::VERSION'
Verify Fix Applied:
After updating, run the same command to confirm version is 0.0701 or higher.
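The version check and the two workarounds above can be combined into one audit script. This is an added example, not code from the advisory or from the Linux::Statm::Tiny project; the function names are hypothetical, and running the Perl queries from / is a precaution assumed here so the check loads nothing from an untrusted working directory.

```shell
#!/bin/sh
# Added example: audit helpers for CVE-2025-3051. Function names are hypothetical.
FIXED_VERSION="0.0701"   # patch version stated in the advisory

# Succeeds (exit 0) when version $1 is numerically lower than the fixed release.
version_is_vulnerable() {
    awk -v v="$1" -v f="$FIXED_VERSION" 'BEGIN { exit !((v + 0) < (f + 0)) }'
}

# Reads @INC entries on stdin, one per line; prints the relative ones
# ("." or anything not starting with "/"), which resolve against the cwd.
relative_inc_entries() {
    grep -v '^/' || true
}

# Succeeds when directory $1 is writable by group or others.
dir_untrusted_writable() {
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case "$perms" in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs all three checks for the directory a Perl script is started from.
audit_perl_env() {
    dir=${1:-$PWD}
    if ! command -v perl >/dev/null 2>&1; then
        echo "perl not found; nothing to audit"; return 0
    fi
    # Query from / so the check itself loads nothing from an untrusted cwd.
    ver=$(cd / && perl -MLinux::Statm::Tiny \
          -e 'print $Linux::Statm::Tiny::VERSION' 2>/dev/null) || ver=""
    if [ -z "$ver" ]; then
        echo "Linux::Statm::Tiny: not installed"
    elif version_is_vulnerable "$ver"; then
        echo "Linux::Statm::Tiny $ver: VULNERABLE (below $FIXED_VERSION)"
    else
        echo "Linux::Statm::Tiny $ver: fixed"
    fi
    rel=$(cd / && perl -e 'print "$_\n" for @INC' | relative_inc_entries)
    [ -n "$rel" ] && echo "relative @INC entries: $rel"
    dir_untrusted_writable "$dir" && echo "$dir: writable by group/others"
    return 0
}

audit_perl_env "$PWD"
```

Pass the directory your Perl scripts are launched from as the argument to audit_perl_env to check a location other than the current one.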
📡 Detection & Monitoring
Log Indicators:
- Unusual Perl module loads from unexpected directories
- File creation events in directories where Perl scripts run
Network Indicators:
- None - this is a local file system vulnerability
SIEM Query:
Search for file creation events in directories associated with Perl script execution, e.g., 'event_type:file_create AND path:/path/to/perl/scripts/*'