#VU113526 Race condition in Perl - CVE-2025-40909


Vulnerability identifier: #VU113526

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40909

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Perl
Universal components / Libraries / Scripting languages

Vendor: Perl

Description

The vulnerability allows a local user to tamper with the application's behavior.

The vulnerability exists due to a race condition that occurs when a directory handle is open at thread creation. A local user can exploit the race and force the application to load code or access files from an unexpected location.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Perl: 5.10, 5.12.4 - 5.12.5, 5.13.0 - 5.13.11, 5.14.0 - 5.14.4, 5.15 - 5.15.9, 5.16 - 5.16.3, 5.17.0 - 5.17.11, 5.18.0 - 5.18.4, 5.19.0 - 5.19.11, 5.20.0 - 5.20.3, 5.21.0 - 5.21.11, 5.22 - 5.22.4, 5.23.0 - 5.23.9, 5.24.0 - 5.24.4, 5.25.0 - 5.25.12, 5.26.0 - 5.26.3, 5.27.0 - 5.27.11, 5.28.0 - 5.28.3, 5.29.0 - 5.29.10, 5.30.0 - 5.30.3, 5.31.0 - 5.31.11, 5.32.0 - 5.32.1, 5.33.0 - 5.33.9, 5.34.0 - 5.34.3, 5.35.0 - 5.35.11, 5.36.0 - 5.36.3, 5.37.0 - 5.37.11, 5.38.0 - 5.38.4, 5.39.0 - 5.39.10, 5.40.0 - 5.40.2, 5.41.0 - 5.41.12


External links
https://www.openwall.com/lists/oss-security/2025/05/23/1
https://www.openwall.com/lists/oss-security/2025/05/30/4
https://www.openwall.com/lists/oss-security/2025/06/02/2
https://www.openwall.com/lists/oss-security/2025/06/02/5
https://www.openwall.com/lists/oss-security/2025/06/02/6
https://www.openwall.com/lists/oss-security/2025/06/02/7
https://www.openwall.com/lists/oss-security/2025/06/03/1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226
https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e
https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch
https://github.com/Perl/perl5/issues/10387
https://github.com/Perl/perl5/issues/23010
https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads
https://www.openwall.com/lists/oss-security/2025/05/22/2

