CVE-2025-40908

CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

Vendor Tinita

Product YAML::LibYAML

Weakness CWE-552 · Files accessible externally

Published June 1, 2025

Last update June 2, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

Key dates

02Disclosure timeline

June 1, 2025 CVE published

June 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40908

Related vulnerabilities

04Related CVE

CVE-2024-41699 Priority – CWE-552: Files or Directories Accessible to External Parties CVE-2021-4474 Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access CVE-2024-27182 Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability CVE-2025-58152 CVE-2024-52292 Craft Allows Attackers to Read Arbitrary System Files