CVE-2025-40908

9.1 CRITICAL

📋 TL;DR

This vulnerability in YAML-LibYAML for Perl allows attackers to modify existing files on the system due to insecure use of 2-argument open() calls. It affects applications using YAML-LibYAML versions before 0.903.0 for parsing YAML files. The vulnerability could be exploited through malicious YAML input.
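The 2-argument open() weakness named above, shown as an added Perl example (not code from this page or from the YAML-LibYAML module): load_file_2arg and load_file_3arg are hypothetical stand-ins for a file loader, and the temp file and the untrusted name are constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Hypothetical stand-ins for a file loader; not the module's own LoadFile.
# Vulnerable pattern: with 2-argument open() a leading ">" in the name is
# parsed as the open mode, so the "file to read" is truncated for writing.
sub load_file_2arg {
    my ($path) = @_;
    open(my $fh, $path) or return undef;
    local $/;                 # slurp mode
    my $text = <$fh>;
    close $fh;
    return $text;
}

# Hardened pattern: the mode is explicit, so the name is taken literally and
# ">/some/file" is just a nonexistent file that open() refuses to read.
sub load_file_3arg {
    my ($path) = @_;
    open(my $fh, '<', $path) or return undef;
    local $/;
    my $text = <$fh>;
    close $fh;
    return $text;
}

# Constructed demo data: a throwaway config file in a temp directory.
my $dir    = tempdir(CLEANUP => 1);
my $target = File::Spec->catfile($dir, 'config.yaml');
open(my $w, '>', $target) or die "create $target: $!";
print {$w} "key: value\n";
close $w;

# A filename as it might arrive from an untrusted caller (constructed).
my $untrusted = ">$target";

load_file_3arg($untrusted);
printf "3-arg open: refused, file unchanged at %d bytes\n", (-s $target) || 0;

load_file_2arg($untrusted);
printf "2-arg open: file truncated to %d bytes\n", (-s $target) || 0;
```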

💻 Affected Systems

Products:
  • YAML-LibYAML (Perl module)
Versions: All versions prior to 0.903.0
Operating Systems: All operating systems running Perl with YAML-LibYAML
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Perl applications that use the YAML-LibYAML module to parse YAML from untrusted sources.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through arbitrary file modification, potentially leading to privilege escalation, data destruction, or backdoor installation.

🟠 Likely Case: Unauthorized modification of configuration files, log files, or other sensitive files accessible to the application user.

🟢 If Mitigated: Limited impact if the application runs with minimal privileges and file permissions are properly restricted.

🌐 Internet-Facing: HIGH if application accepts YAML input from untrusted sources via web interfaces or APIs.
🏢 Internal Only: MEDIUM for internal applications that process YAML from semi-trusted sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the application to process malicious YAML input. No public exploit code had been released as of this analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.903.0

Vendor Advisory: https://github.com/ingydotnet/yaml-libyaml-pm/issues/120

Restart Required: No

Instructions:

1. Update the YAML-LibYAML module from CPAN: cpan YAML::LibYAML
2. Or install the fixed version explicitly: cpan YAML::LibYAML@0.9030
3. Verify the installed version (single quotes keep the shell from expanding $YAML): perl -MYAML::LibYAML -e 'print $YAML::LibYAML::VERSION'

🔧 Temporary Workarounds

Input Validation (all platforms)

Validate and sanitize all YAML input before processing.

File Permission Restrictions (Linux)

Run the application with minimal privileges and restrict write permissions on sensitive directories:

chmod 644 /path/to/sensitive/files
chown root:root /path/to/sensitive/files

🧯 If You Can't Patch

  • Disable YAML processing from untrusted sources
  • Implement strict input validation and sanitization for all YAML inputs

🔍 How to Verify

Check if Vulnerable:

Print the installed YAML::LibYAML version (single quotes keep the shell from expanding $YAML):

perl -MYAML::LibYAML -e 'print $YAML::LibYAML::VERSION'

Any version below 0.903.0 is vulnerable.

Verify Fix Applied:

Run the same command and confirm the version is 0.903.0 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file modifications in application directories
  • Failed file write attempts with YAML processing errors

Network Indicators:

  • Large or malformed YAML payloads sent to application endpoints

SIEM Query:

source="application.log" AND ("YAML::LibYAML" OR "YAML parsing") AND ("permission denied" OR "file modification")
