{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-30T12:20:11Z",
  "bugzilla" : {
    "description" : "perl: Perl threads have a working directory race condition where file operations may target unintended paths",
    "id" : "2369407",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2369407"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-427",
  "details" : [ "Perl threads have a working directory race condition where file operations may target unintended paths.\nIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. \nThis may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit.\nThe bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6", "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-07-29T00:00:00Z",
    "advisory" : "RHSA-2025:12056",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "perl-4:5.40.2-512.2.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11805",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "perl-4:5.26.3-423.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11805",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "perl-4:5.26.3-423.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "perl-4:5.32.1-481.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-07-22T00:00:00Z",
    "advisory" : "RHSA-2025:11545",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "perl-4:5.32.1-481.el9_4.1"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2025-08-06T00:00:00Z",
    "advisory" : "RHSA-2025:13267",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-server-rhel9:sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "perl:5.32/perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40909\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40909\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226\nhttps://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e\nhttps://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch\nhttps://github.com/Perl/perl5/issues/10387\nhttps://github.com/Perl/perl5/issues/23010\nhttps://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads\nhttps://www.openwall.com/lists/oss-security/2025/05/22/2" ],
  "name" : "CVE-2025-40909",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}