CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
Published Jun 1, 2025
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
Affected Software
2 affected components
YAML LibYAML < 0.903.0
Ingydotnet Yaml-libyaml Perl < 0.903.0
Remediation
Patch Available
Event History
Jun 1, 2025
CVE Published via MITRE · 01:41 PM
Data Sourced via MITRE · 01:41 PM: Description, Weakness
Data Sourced via Red Hat · 02:01 PM: Description, Severity, Affected Software
Data Sourced via NVD · 02:15 PM: Remedy, Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-40908?
CVE-2025-40908 is classified as a moderate severity vulnerability due to its potential for file modifications without permission.
2. How do I fix CVE-2025-40908?
To fix CVE-2025-40908, upgrade to YAML-LibYAML version 0.903.0 or later, where the vulnerability is patched.
3. What versions are affected by CVE-2025-40908?
CVE-2025-40908 affects all versions of YAML-LibYAML prior to 0.903.0.
4. What is the impact of CVE-2025-40908?
CVE-2025-40908 potentially allows unauthorized modifications to existing files, jeopardizing data integrity.
5. Is there any workaround for CVE-2025-40908?
While the best solution is to upgrade, a temporary workaround is to restrict file permissions for vulnerable applications.