QwikSec

Security Database

CVE

CWE

Training

CVE-2025-40907

Published: May 16, 2025

Modified: Sep 5, 2025

PUBLISHED

Description

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Vendor	Product	Versions
ETHER	FCGI	affected `0.44 - <= 0.82`

Weaknesses (CWE)

References

http://www.openwall.com/lists/oss-security/2025/04/23/4

mailing-list

https://github.com/FastCGI-Archives/fcgi2/issues/67

issue-tracking

https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5

patch

https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library

technical-description

https://github.com/perl-catalyst/FCGI/issues/14

issue-tracking

https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.