Critical severity9.1NVD Advisory· Published Jun 1, 2025· Updated Jun 17, 2026
CVE-2025-40908
CVE-2025-40908
Description
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- Range: <0.903.0
- Range: <0.903.0
- osv-coords7 versionspkg:rpm/almalinux/perl-YAML-LibYAMLpkg:rpm/opensuse/perl-YAML-LibYAML&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/perl-YAML-LibYAML&distro=openSUSE%20Tumbleweedpkg:rpm/suse/perl-YAML-LibYAML&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/perl-YAML-LibYAML&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/perl-YAML-LibYAML&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/perl-YAML-LibYAML&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 1:0.70-2.el8_10+ 6 more
- (no CPE)range: < 1:0.70-2.el8_10
- (no CPE)range: < 0.904.0-150000.3.16.1
- (no CPE)range: < 0.904.0-2.1
- (no CPE)range: < 0.904.0-150000.3.16.1
- (no CPE)range: < 0.904.0-150000.3.16.1
- (no CPE)range: < 0.38-11.3.1
- (no CPE)range: < 0.38-11.3.1
- Range: 0
Patches
Vulnerability mechanics
References
3- github.com/ingydotnet/yaml-libyaml-pm/pull/121nvdIssue TrackingPatch
- github.com/ingydotnet/yaml-libyaml-pm/pull/122nvdIssue TrackingPatch
- github.com/ingydotnet/yaml-libyaml-pm/issues/120nvdExploitIssue Tracking
News mentions
0No linked articles in our index yet.