{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-40908","assignerOrgId":"9b29abf9-4ab0-4765-b253-1875cd9b441e","state":"PUBLISHED","assignerShortName":"CPANSec","dateReserved":"2025-04-16T09:05:34.360Z","datePublished":"2025-06-01T13:41:48.168Z","dateUpdated":"2025-06-02T03:22:25.333Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://cpan.org/modules","defaultStatus":"unaffected","packageName":"YAML-LibYAML","product":"YAML::LibYAML","programFiles":["lib/YAML/XS.pm"],"repo":"https://github.com/ingydotnet/yaml-libyaml-pm","vendor":"TINITA","versions":[{"lessThan":"0.903.0","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"@shlomif (Shlomi Fish)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified<br>"}],"value":"YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified"}],"impacts":[{"capecId":"CAPEC-23","descriptions":[{"lang":"en","value":"CAPEC-23 File Content Injection"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-552","description":"CWE-552 Files or Directories Accessible to External Parties","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9b29abf9-4ab0-4765-b253-1875cd9b441e","shortName":"CPANSec","dateUpdated":"2025-06-01T13:41:48.168Z"},"references":[{"tags":["issue-tracking"],"url":"https://github.com/ingydotnet/yaml-libyaml-pm/issues/120"},{"tags":["patch"],"url":"https://github.com/ingydotnet/yaml-libyaml-pm/pull/121"},{"tags":["patch"],"url":"https://github.com/ingydotnet/yaml-libyaml-pm/pull/122"}],"source":{"discovery":"INTERNAL"},"title":"YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.1,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-06-02T03:22:02.219115Z","id":"CVE-2025-40908","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-02T03:22:25.333Z"}}]}}