CVE-2025-40909
Severity CVSS v4.0: Pending analysis
Type: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date: 30/05/2025
Last modified: 03/06/2025
Description
Perl threads have a working directory race condition where file operations may target unintended paths.

If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running.

This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit.

The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6.
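
The description names two conditions: a directory handle open when a thread is created, and a running thread whose file access depends on the current working directory. The following Perl code is an added example, not code from the advisory or the Perl project, showing a coding pattern that avoids both. It assumes a perl built with thread support; the helper names `list_dir` and `file_size` and the sample files are hypothetical.

```perl
#!/usr/bin/perl
# Added example: keep directory handles closed across threads->create and
# keep worker file access independent of the process-wide working directory.
use strict;
use warnings;
use threads;
use File::Spec;
use File::Temp qw(tempdir);

# Constructed sample data: a scratch directory holding two small files.
# The path is made absolute once, before any thread exists.
my $base = File::Spec->rel2abs(tempdir(CLEANUP => 1));
for my $name (qw(a.txt b.txt)) {
    open(my $fh, '>', File::Spec->catfile($base, $name)) or die "create $name: $!";
    print {$fh} "sample\n";
    close($fh) or die "close $name: $!";
}

# Read the whole listing and close the handle BEFORE creating any thread,
# so no open directory handle exists for thread creation to clone.
sub list_dir {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @names = sort grep { !/^\.\.?\z/ } readdir($dh);
    closedir($dh) or die "closedir $dir: $!";
    return @names;
}

# Workers accept absolute paths only, so a transient change of the
# working directory cannot redirect what they open.
sub file_size {
    my ($abs_path) = @_;
    File::Spec->file_name_is_absolute($abs_path)
        or die "refusing relative path: $abs_path";
    open(my $fh, '<', $abs_path) or die "open $abs_path: $!";
    my $size = -s $fh;
    close($fh) or die "close $abs_path: $!";
    return $size;
}

my @paths   = map { File::Spec->catfile($base, $_) } list_dir($base);
my @workers = map { threads->create(\&file_size, $_) } @paths;
printf "%s: %d bytes\n", $paths[$_], $workers[$_]->join for 0 .. $#paths;
```

Code loading that relies on relative paths is covered by the same reasoning: resolve such paths to absolute ones before the first thread is started.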
Impact
Base Score 3.x: 5.90
Severity 3.x: MEDIUM
References to Advisories, Solutions, and Tools
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226
- https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e
- https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch
- https://github.com/Perl/perl5/issues/10387
- https://github.com/Perl/perl5/issues/23010
- https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads
- https://www.openwall.com/lists/oss-security/2025/05/22/2
- http://www.openwall.com/lists/oss-security/2025/05/23/1
- http://www.openwall.com/lists/oss-security/2025/05/30/4
- http://www.openwall.com/lists/oss-security/2025/06/02/2
- http://www.openwall.com/lists/oss-security/2025/06/02/5
- http://www.openwall.com/lists/oss-security/2025/06/02/6
- http://www.openwall.com/lists/oss-security/2025/06/02/7
- http://www.openwall.com/lists/oss-security/2025/06/03/1