The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability. We also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket.
Fri, 05 Sep 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-122 | |
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | epss | epss |
Wed, 02 Jul 2025 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Fastcgi, Fastcgi fcgi | |
Weaknesses | CWE-190 | |
CPEs | cpe:2.3:a:fastcgi:fcgi:*:*:*:*:*:perl:*:* | |
Vendors & Products | Fastcgi, Fastcgi fcgi | |
Thu, 12 Jun 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_aus:8.6, cpe:/a:redhat:rhel_e4s:8.6, cpe:/a:redhat:rhel_tus:8.6 | |
Wed, 11 Jun 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_aus:8.2 | |
Tue, 10 Jun 2025 06:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat, Redhat enterprise Linux, Redhat rhel Aus, Redhat rhel E4s, Redhat rhel Els, Redhat rhel Eus, Redhat rhel Tus | |
CPEs | cpe:/a:redhat:enterprise_linux:8, cpe:/a:redhat:enterprise_linux:9, cpe:/a:redhat:rhel_aus:8.4, cpe:/a:redhat:rhel_e4s:8.8, cpe:/a:redhat:rhel_e4s:9.0, cpe:/a:redhat:rhel_e4s:9.2, cpe:/a:redhat:rhel_eus:9.4, cpe:/a:redhat:rhel_tus:8.8, cpe:/o:redhat:enterprise_linux:10.0, cpe:/o:redhat:rhel_els:7 | |
Vendors & Products | Redhat, Redhat enterprise Linux, Redhat rhel Aus, Redhat rhel E4s, Redhat rhel Els, Redhat rhel Eus, Redhat rhel Tus | |
Sat, 17 May 2025 03:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | threat_severity |
Fri, 16 May 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | cvssV3_1 | |
Fri, 16 May 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. | |
Title | FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library | |
Weaknesses | CWE-1395 | |
References | | |

Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2025-09-05T13:23:05.630Z
Reserved: 2025-04-16T09:05:34.360Z
Link: CVE-2025-40907

Updated: 2025-05-16T15:08:50.489Z

Status : Analyzed
Published: 2025-05-16T13:15:52.683
Modified: 2025-09-29T22:43:59.123
Link: CVE-2025-40907