{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-40907","assignerOrgId":"9b29abf9-4ab0-4765-b253-1875cd9b441e","state":"PUBLISHED","assignerShortName":"CPANSec","dateReserved":"2025-04-16T09:05:34.360Z","datePublished":"2025-05-16T13:03:02.774Z","dateUpdated":"2025-09-05T13:23:05.630Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://cpan.org/modules","defaultStatus":"unaffected","packageName":"FCGI","product":"FCGI","programFiles":["libfcgi/fcgiapp.c"],"programRoutines":[{"name":"ReadParams()"}],"repo":"https://github.com/FastCGI-Archives/fcgi2","vendor":"ETHER","versions":[{"lessThanOrEqual":"0.82","status":"affected","version":"0.44","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Synacktiv"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.<br><br>The included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.<br>"}],"value":"FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\n\nThe included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A proof of concept exploit for the underlying library exists at&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation\">https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation</a>"}],"value":"A proof of concept exploit for the underlying library exists at  https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1395","description":"CWE-1395: Dependency on Vulnerable Third-Party Component","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-190","description":"CWE-190 Integer Overflow or Wraparound","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-122","description":"CWE-122 Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9b29abf9-4ab0-4765-b253-1875cd9b441e","shortName":"CPANSec","dateUpdated":"2025-09-05T13:23:05.630Z"},"references":[{"tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2025/04/23/4"},{"tags":["issue-tracking"],"url":"https://github.com/FastCGI-Archives/fcgi2/issues/67"},{"tags":["patch"],"url":"https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5"},{"tags":["technical-description"],"url":"https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"},{"tags":["issue-tracking"],"url":"https://github.com/perl-catalyst/FCGI/issues/14"},{"tags":["patch"],"url":"https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch"}],"source":{"discovery":"UNKNOWN"},"title":"FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.<br><br>We also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket.<br><br><br>"}],"value":"Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.\n\nWe also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket."}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-16T15:07:46.084885Z","id":"CVE-2025-40907","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-16T15:09:00.138Z"}}]}}