CVE-2025-30673

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-30673

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30673.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-30673

Downstream

DEBIAN-CVE-2025-30673

UBUNTU-CVE-2025-30673

Published

2025-04-01T03:15:16Z

Modified

2025-08-09T19:01:27Z

Summary

[none]

Details

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.

If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution.

Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

References

https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html
https://metacpan.org/dist/Sub-HandlesVia/changes#L12
https://metacpan.org/release/TOBYINK/Sub-HandlesVia-0.050001/source/lib/Sub/HandlesVia/Mite.pm#L114

CVE-2025-30673

Affected packages