IP CIDR Address Parsing Flaw in Net::IP::LPM for Perl
CVE-2025-40910
6.5MEDIUM
What is CVE-2025-40910?
The Net::IP::LPM module for Perl has a vulnerability in its handling of IP CIDR address strings, specifically with leading zero characters. This flaw can result in unintended behavior where access controls based on IP addresses may be bypassed. Attackers exploiting this vulnerability could use octal notation by embedding leading zeros, leading to confusion and potential security risks. Proper validation methods are essential to ensure that access control mechanisms are not compromised by misinterpretation of IP address formats.
Affected Version(s)
Net::IP::LPM 1.10
