Fluid Attacks Database

Description

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	perl	=5.32.1-4 \|\| =5.32.1-4+deb11u1 \|\| =5.32.1-4+deb11u2 \|\| =5.32.1-4+deb11u3 \|\| =5.32.1-4+deb11u4 \|\| >=0 <5.32.1-4+deb11u5	5.32.1-4+deb11u5
debian 12	perl	=5.36.0-7 \|\| =5.36.0-7+deb12u1 \|\| =5.36.0-7+deb12u2 \|\| >=0 <5.36.0-7+deb12u3	5.36.0-7+deb12u3
debian 13	perl	>=0 <5.40.1-5	5.40.1-5
debian 14	perl	>=0 <5.40.1-5	5.40.1-5
rpm rhel10	perl	<4:5.40.2-512.2.el10_0	4:5.40.2-512.2.el10_0
rpm rhel6	perl	-	-
rpm rhel7	perl	-	-
rpm rhel8	perl	<4:5.26.3-423.el8_10	4:5.26.3-423.el8_10
rpm rhel9	perl	<4:5.32.1-481.1.el9_6	4:5.32.1-481.1.el9_6
rpm rhel9.4	perl	<4:5.32.1-481.el9_4.1	4:5.32.1-481.el9_4.1

Aliases

1. CVE-2025-409092. NVD-2025-409093. OSV-DEBIAN-2025-409094. OSV-2025-409095. SECURITY-TRACKER-CVE-2025-40909

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.