Integer Overflow Vulnerability in Perl CryptX with Affected Lib Tommath Version
CVE-2025-40914

9.8CRITICAL

Key Information:

Vendor: Mik
Status: Cryptx
Vendor: CVE Published:; 11 June 2025

What is CVE-2025-40914?

The Perl CryptX module versions prior to 0.087 include a vulnerable dependency on the libtommath library, which is affected by an integer overflow issue. This flaw may allow attackers to exploit the vulnerability associated with libtommath, potentially leading to unintended behavior or security breaches. It is crucial for users and organizations utilizing Perl CryptX to update to the latest version to mitigate the risk posed by this vulnerability.

Affected Version(s)

CryptX 0.002 <= 0.086

References

https://www.cve.org/CVERecord?id=CVE-2023-36328

https://github.com/libtom/libtommath/pull/546

https://github.com/advisories/GHSA-j3xv-6967-cv88

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
Apr 16, 2025

Mik

What is CVE-2025-40914?

Affected Version(s)

References

CVSS V3.1

Timeline