CVE-2025-30672

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 1, 2025

CWE ID 427

Summary

CVE-2025-30672 is a newly disclosed vulnerability affecting Mite for Perl before 0.013000. The issue arises due to Mite's generation of code with the current working directory added to the @INC path. This behavior is reminiscent of CVE-2016-1238. An attacker with access to the current working directory can exploit this flaw by placing a malicious file, which may then be loaded instead of the intended file. Consequently, arbitrary code execution is a potential outcome, impacting not only Mite but also other distributions containing code generated by this tool.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/4qk838
https://www.cve.org/CVERecord?id=CVE-2025-30672
https://nvd.nist.gov/vuln/detail/CVE-2025-30672

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-30672

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations