Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-40914 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2025-40914

CVE-2025-40914

CRITICAL9.8

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow

Published Jun 11, 2025

Modified 8 months ago

Details

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.

CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

References

https://github.com/advisories/GHSA-j3xv-6967-cv88

https://github.com/libtom/libtommath/pull/546

https://metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c

https://www.cve.org/CVERecord?id=CVE-2023-36328

https://www.cve.org/CVERecord?id=CVE-2025-40914

CVSS Analysis

CVSS v3.1

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedJun 11, 2025

ModifiedJun 11, 2025