{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-40907", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2025-04-16T09:05:34.360Z", "datePublished": "2025-05-16T13:03:02.774Z", "dateUpdated": "2025-09-05T13:23:05.630Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "FCGI", "product": "FCGI", "programFiles": ["libfcgi/fcgiapp.c"], "programRoutines": [{"name": "ReadParams()"}], "repo": "https://github.com/FastCGI-Archives/fcgi2", "vendor": "ETHER", "versions": [{"lessThanOrEqual": "0.82", "status": "affected", "version": "0.44", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Synacktiv"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.<br><br>The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.<br>"}], "value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\n\nThe included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A proof of concept exploit for the underlying library exists at&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation\">https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation</a>"}], "value": "A proof of concept exploit for the underlying library exists at\u00a0 https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1395", "description": "CWE-1395: Dependency on Vulnerable Third-Party Component", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2025-09-05T13:23:05.630Z"}, "references": [{"tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2025/04/23/4"}, {"tags": ["issue-tracking"], "url": "https://github.com/FastCGI-Archives/fcgi2/issues/67"}, {"tags": ["patch"], "url": "https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5"}, {"tags": ["technical-description"], "url": "https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"}, {"tags": ["issue-tracking"], "url": "https://github.com/perl-catalyst/FCGI/issues/14"}, {"tags": ["patch"], "url": "https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch"}], "source": {"discovery": "UNKNOWN"}, "title": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.<br><br>We also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket.<br><br><br>"}], "value": "Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.\n\nWe also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-16T15:07:46.084885Z", "id": "CVE-2025-40907", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T15:09:00.138Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-40907", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-16T15:07:46.084885Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T15:08:50.489Z"}}], "cna": {"title": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Synacktiv"}], "affected": [{"repo": "https://github.com/FastCGI-Archives/fcgi2", "vendor": "ETHER", "product": "FCGI", "versions": [{"status": "affected", "version": "0.44", "versionType": "custom", "lessThanOrEqual": "0.82"}], "packageName": "FCGI", "programFiles": ["libfcgi/fcgiapp.c"], "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "programRoutines": [{"name": "ReadParams()"}]}], "exploits": [{"lang": "en", "value": "A proof of concept exploit for the underlying library exists at\u00a0 https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation", "supportingMedia": [{"type": "text/html", "value": "A proof of concept exploit for the underlying library exists at&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation\">https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation</a>", "base64": false}]}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/04/23/4", "tags": ["mailing-list"]}, {"url": "https://github.com/FastCGI-Archives/fcgi2/issues/67", "tags": ["issue-tracking"]}, {"url": "https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5", "tags": ["patch"]}, {"url": "https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library", "tags": ["technical-description"]}, {"url": "https://github.com/perl-catalyst/FCGI/issues/14", "tags": ["issue-tracking"]}, {"url": "https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.\n\nWe also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket.", "supportingMedia": [{"type": "text/html", "value": "Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.<br><br>We also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket.<br><br><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\n\nThe included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.", "supportingMedia": [{"type": "text/html", "value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.<br><br>The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1395", "description": "CWE-1395: Dependency on Vulnerable Third-Party Component"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2025-09-05T13:23:05.630Z"}}}, "cveMetadata": {"cveId": "CVE-2025-40907", "state": "PUBLISHED", "dateUpdated": "2025-09-05T13:23:05.630Z", "dateReserved": "2025-04-16T09:05:34.360Z", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "datePublished": "2025-05-16T13:03:02.774Z", "assignerShortName": "CPANSec"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fastcgi:fcgi:*:*:*:*:*:perl:*:*", "matchCriteriaId": "1C317242-A340-4C14-BD59-592760BCB0B6", "versionEndIncluding": "0.82", "versionStartIncluding": "0.44", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\n\nThe included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c."}, {"lang": "es", "value": "Las versiones 0.44 a 0.82 de FCGI para Perl incluyen una versi\u00f3n vulnerable de la librer\u00eda FastCGI fcgi2 (tambi\u00e9n conocida como fcgi). Esta librer\u00eda est\u00e1 afectada por CVE-2025-23016, lo que provoca un desbordamiento de enteros (y el consiguiente desbordamiento del b\u00fafer en el mont\u00f3n) mediante valores nameLen o valueLen manipulados en los datos del socket IPC. Esto ocurre en ReadParams de fcgiapp.c."}], "id": "CVE-2025-40907", "lastModified": "2025-09-29T22:43:59.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-16T13:15:52.683", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/04/23/4"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/FastCGI-Archives/fcgi2/issues/67"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Release Notes"], "url": "https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/perl-catalyst/FCGI/issues/14"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Patch"], "url": "https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-190"}], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8636", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "perl-FCGI-1:0.82-13.1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8625", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "perl-FCGI-1:0.74-8.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8696", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "perl-FCGI:0.78-8100020250529111022.69ef70f8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8829", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "perl-FCGI:0.78-8020020250607180124.8aedb4cd", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8703", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "perl-FCGI:0.78-8040020250606192145.b28d4d4c", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8890", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "perl-FCGI:0.78-8060020250604201935.513b2a65", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8890", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "perl-FCGI:0.78-8060020250604201935.513b2a65", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8890", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "perl-FCGI:0.78-8060020250604201935.513b2a65", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8698", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "perl-FCGI:0.78-8080020250603232512.bef19048", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8698", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "perl-FCGI:0.78-8080020250603232512.bef19048", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8635", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "perl-FCGI-1:0.79-8.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8678", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "perl-FCGI-1:0.79-8.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8697", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "perl-FCGI-1:0.79-8.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8677", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "perl-FCGI-1:0.79-8.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-09T00:00:00Z"}], "bugzilla": {"description": "perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library", "id": "2366847", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366847"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-1395", "details": ["FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\nThe included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.", "A flaw was found in the FCGI library. In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. This occurs in ReadParams in fcgiapp.c."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-40907", "public_date": "2025-05-16T13:03:02Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40907\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40907\nhttp://www.openwall.com/lists/oss-security/2025/04/23/4\nhttps://github.com/FastCGI-Archives/fcgi2/issues/67\nhttps://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5\nhttps://github.com/perl-catalyst/FCGI/issues/14\nhttps://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch\nhttps://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"], "statement": "This vulnerability is Important rather than just a Moderate flaw because it stems from an integer overflow in the allocation size calculation during parameter parsing in the FastCGI implementation. When the application processes incoming FastCGI parameters, it calculates the total size of memory to allocate by adding the name and value lengths along with two additional bytes. On 32-bit systems, this arithmetic operation can wrap around (due to the limited 32-bit size of size_t), leading to a significantly smaller allocation than intended. However, subsequent calls to FCGX_GetStr use the original (large) lengths provided by the attacker and write far beyond the allocated memory region (heap overflow). Unlike a moderate vulnerability (e.g., memory leak or a simple read out-of-bounds), this heap overflow directly allows an attacker to overwrite adjacent memory in the heap in a controlled way, potentially leading to arbitrary code execution, data corruption, or privilege escalation.", "threat_severity": "Important"}

{}