CVE-2025-3051

Summary

Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.

If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution.

Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672

Affected Software

VendorProductVersion RangeStatus
RRWOLinux::Statm::Tiny0 < 0.0701affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References