Login Sign Up

CVE-2025-40912

9.8 CRITICAL

📋 TL;DR

CryptX for Perl versions before 0.065 contains a vulnerable embedded tomcrypt library that may be susceptible to malformed unicode handling issues. This vulnerability could allow attackers to execute arbitrary code or cause denial of service. Any Perl application using CryptX before version 0.065 is affected.

💻 Affected Systems

Products:
  • CryptX for Perl
Versions: All versions before 0.065
Operating Systems: All platforms running Perl with CryptX
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the embedded tomcrypt library (CVE-2019-17362) that CryptX depends on

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠

Likely Case

Denial of service through application crashes or memory corruption

🟢

If Mitigated

Limited impact if proper input validation and sandboxing are implemented

🌐 Internet-Facing: HIGH - CryptX is often used in cryptographic operations for web applications and APIs
🏢 Internal Only: MEDIUM - Internal applications using CryptX could be exploited through lateral movement

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Based on CVE-2019-17362 which affects the underlying tomcrypt library; exploitation requires sending malformed unicode to vulnerable functions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.065

Vendor Advisory: https://metacpan.org/release/CryptX

Restart Required: Yes

Instructions:

1. Update CryptX using CPAN: cpan CryptX
2. Verify installation: perl -MCryptX -e 'print $CryptX::VERSION'
3. Restart all Perl applications using CryptX

🔧 Temporary Workarounds

Input validation and sanitization

all

Implement strict input validation for all data passed to CryptX functions

Network segmentation

all

Isolate systems using vulnerable CryptX versions from untrusted networks

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all data passed to CryptX functions
  • Deploy network controls to limit access to affected systems and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Run: perl -MCryptX -e 'print "VULNERABLE" if $CryptX::VERSION < 0.065'

Check Version:

perl -MCryptX -e 'print $CryptX::VERSION'

Verify Fix Applied:

Run: perl -MCryptX -e 'print "FIXED" if $CryptX::VERSION >= 0.065'

📡 Detection & Monitoring

Log Indicators:

  • Perl application crashes with memory corruption errors
  • Unusual cryptographic operation failures
  • Segmentation faults in Perl processes

Network Indicators:

  • Unusual traffic patterns to Perl applications using CryptX
  • Malformed unicode payloads in network traffic

SIEM Query:

source="*perl*" AND ("segmentation fault" OR "memory corruption" OR "CryptX")

📊 Metadata

CVE ID: CVE-2025-40912
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.07% exploit probability (21.9th percentile)
Published: June 11, 2025
Last Updated: June 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON