Critical severity9.8NVD Advisory· Published May 16, 2025· Updated Apr 15, 2026
CVE-2025-40906
CVE-2025-40906
Description
BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.
Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.
BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=0.8.4+ 1 more
- (no CPE)range: <=0.8.4
- (no CPE)range: <=0.8.4
Package: https://rubygems.org/gems/bson-xs
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.