IP CIDR Address Parsing Flaw in Net::IP::LPM for Perl
CVE-2025-40910

6.5 MEDIUM

Key Information:

Vendor: Tpoder
CVE Published: 27 June 2025

What is CVE-2025-40910?

The Net::IP::LPM module for Perl does not properly handle leading zero characters in IP CIDR address strings. As a result, access controls based on IP addresses may be bypassed. Leading zeros indicate octal notation, so an attacker can embed them in an address string to create confusion about which address is actually meant. Input validation that accounts for leading zeros is essential so that access control mechanisms are not compromised by misinterpreted IP address formats.
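A strict IPv4 CIDR check of the kind the description calls for, as an added example that is not code from Net::IP::LPM or its author: it rejects any octet or prefix length written with a leading zero before the string reaches a lookup table or ACL. The function name `strict_ipv4_cidr` and the sample inputs are assumptions made for illustration; IPv6 is out of scope here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the canonical "a.b.c.d/len" form of an IPv4 CIDR string, or undef
# if the string is not strictly decimal dotted-quad notation.
# Hypothetical helper: not part of Net::IP::LPM.
sub strict_ipv4_cidr {
    my ($s) = @_;
    return undef unless defined $s;

    # \A ... \z (not ^ ... $) so a trailing newline cannot slip through.
    return undef unless $s =~ m{\A([0-9.]+)(?:/([0-9]+))?\z};
    my ($addr, $len) = ($1, $2 // 32);    # bare address means /32

    my @octets = split /\./, $addr, -1;   # -1 keeps trailing empty fields
    return undef unless @octets == 4;

    for my $n (@octets, $len) {
        # "0" is accepted; "00", "010" and "" are not, so no component
        # can be read as octal by one parser and decimal by another.
        return undef unless $n =~ /\A(?:0|[1-9][0-9]{0,2})\z/;
    }
    return undef if grep { $_ > 255 } @octets;
    return undef if $len > 32;

    return join('.', @octets) . "/$len";
}

# Constructed sample inputs (not taken from the advisory).
my @samples = (
    '10.0.0.1/8', '192.168.1.0/24', '10.0.0.1',      # well-formed
    '010.0.0.1/8', '10.0.0.01', '10.0.0.1/08',       # leading zeros
    '10.0.0.256', '10.0.0.1/33', '10.0.0', "10.0.0.1\n",
);

for my $in (@samples) {
    my $out = strict_ipv4_cidr($in);
    (my $shown = $in) =~ s/\n/\\n/g;      # make the newline visible
    printf "%-16s %s\n", $shown, defined $out ? "accept $out" : 'reject';
}
```

Applying the same check to both the prefixes loaded into the table and the addresses looked up keeps the two sides of the comparison in one notation.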

Affected Version(s)

Net::IP::LPM 1.10

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
