CVE-2025-40907

CVE-2025-40907: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

Vendor: Ether
Product: FCGI
Weakness: CWE-1395
Published: May 16, 2025
Last update: September 5, 2025

What the vulnerability does

01 Description

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
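The class of defect described above, as an added example that is not code from fcgi2 or the Perl FCGI module: two lengths decoded from the wire are summed for an allocation, and the sum wraps in 32-bit arithmetic unless it is bounded first. The function names, the `MAX_PAIR_BYTES` cap and the two extra terminator bytes are assumptions for illustration; the 1-byte/4-byte length encoding follows the FastCGI specification.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-pair cap; choose a value that fits the deployment. */
#define MAX_PAIR_BYTES (64u * 1024u)

/* Decode one FastCGI name-value length field: a single byte when the high
 * bit is clear, otherwise four bytes carrying a 31-bit big-endian value.
 * Returns the number of bytes consumed, or 0 if the buffer is too short. */
size_t decode_len(const uint8_t *p, size_t avail, uint32_t *out)
{
    if (avail < 1)
        return 0;
    if ((p[0] & 0x80) == 0) {
        *out = p[0];
        return 1;
    }
    if (avail < 4)
        return 0;
    *out = ((uint32_t)(p[0] & 0x7f) << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return 4;
}

/* Size a 32-bit computation produces with no bound: wraps modulo 2^32,
 * so the buffer can end up far smaller than the data copied into it. */
uint32_t unchecked_size32(uint32_t name_len, uint32_t value_len)
{
    return name_len + value_len + 2u; /* +2: assumed terminator bytes */
}

/* Bounded version: reject oversized or wrapping sums before allocating.
 * Returns 0 and sets *size on success, -1 if the pair must be refused. */
int checked_pair_size(uint32_t name_len, uint32_t value_len, size_t *size)
{
    if (name_len > MAX_PAIR_BYTES || value_len > MAX_PAIR_BYTES - name_len)
        return -1;
    *size = (size_t)name_len + value_len + 2u;
    return 0;
}
```

The comparison is written as `value_len > MAX_PAIR_BYTES - name_len` so that the check itself cannot overflow.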

Key dates

02 Disclosure timeline

May 16, 2025: CVE published
September 5, 2025: Record updated
