Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2025-40907 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2025-40907

CVE-2025-40907

MEDIUM5.3

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

Published May 16, 2025

Modified 6 months ago

Details

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.

The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

References

WEB

http://www.openwall.com/lists/oss-security/2025/04/23/4

WEB

https://github.com/FastCGI-Archives/fcgi2/issues/67

FIX

https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5

WEB

https://github.com/perl-catalyst/FCGI/issues/14

FIX

https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-40907

WEB

https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library

CVSS Analysis

CVSS v3.1

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

LowA:L

5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weakness Type (CWE)

Other

CWE-122

CWE-1395

CWE-190

Ecosystems

Timeline

PublishedMay 16, 2025

ModifiedSep 5, 2025