CVE-2025-40914

Source
https://cve.org/CVERecord?id=CVE-2025-40914
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40914.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40914
Aliases
Downstream
Related
Published
2025-06-11T14:06:53.418Z
Modified
2026-06-18T03:55:58.522969600Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow
Details

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.

CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

Database specific
{
    "cwe_ids": [
        "CWE-1395"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40914.json",
    "cna_assigner": "CPANSec"
}
References

Affected packages

Git / github.com/dcit/perl-cryptx

Affected ranges

Type
GIT
Repo
https://github.com/dcit/perl-cryptx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.002"
        },
        {
            "last_affected": "0.086"
        }
    ]
}

Affected versions

v0.*
v0.022
v0.023
v0.024
v0.025
v0.026
v0.029
v0.030
v0.031
v0.032
v0.033
v0.034
v0.035
v0.036
v0.037
v0.038
v0.039
v0.040
v0.041
v0.042
v0.043
v0.044
v0.045
v0.046
v0.047
v0.048
v0.049
v0.050
v0.051
v0.052
v0.053
v0.054
v0.055
v0.056
v0.057
v0.058
v0.059
v0.060
v0.061
v0.062
v0.063
v0.064
v0.065
v0.066
v0.067
v0.068
v0.069
v0.070
v0.071
v0.072
v0.073
v0.074
v0.075
v0.076
v0.077
v0.078
v0.079
v0.080
v0.081
v0.082
v0.083
v0.084
v0.085
v0.086

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40914.json"