CVE-2025-30673

Source
https://cve.org/CVERecord?id=CVE-2025-30673
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30673.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-30673
Downstream
Published
2025-04-01T02:02:25.594Z
Modified
2026-07-08T08:02:47.754241406Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory
Details

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.

If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution.

Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

Database specific
{
    "cna_assigner": "CPANSec",
    "cwe_ids": [
        "CWE-427"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30673.json"
}
References

Affected packages

Git / github.com/tobyink/p5-sub-handlesvia

Affected ranges

Type
GIT
Repo
https://github.com/tobyink/p5-sub-handlesvia
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.050002"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

0.*
0.001
0.002
0.003
0.004
0.005
0.006
0.007
0.008_000
0.008_001
0.008_002
0.008_003
0.009
0.010
0.011
0.012
0.013
0.014
0.015
0.016
0.017
0.018
0.019
0.020
0.021
0.022
0.023
0.024
0.025
0.026
0.027
0.028
0.029
0.030
0.031
0.032
0.033
0.034
0.035
0.036
0.037
0.038
0.039
0.040
0.041
0.042
0.043
0.044
0.045
0.046
0.050000
0.050001

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30673.json"