QwikSec

Security Database

CVE

CWE

Training

CVE-2025-30672

Published: Apr 1, 2025

Modified: Apr 1, 2025

PUBLISHED

Description

Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.

Vendor	Product	Versions
TOBYINK	Mite	affected `0 - < 0.013000`

Weaknesses (CWE)

References

https://metacpan.org/release/TOBYINK/Mite-0.013000/changes

release-notes

https://wiki.gentoo.org/wiki/Project:Perl/Dot-In-INC-Removal

related

https://perldoc.perl.org/perlrun#PERL_USE_UNSAFE_INC

related

https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html

related

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.