NIXPKGS-2025-0012

published on 25 Sep 2025

Permalink CVE-2025-30673

updated 4 months, 1 week ago by @Erethon Activity log

Created automatic suggestion 10 months ago
@LeSuisse accepted 9 months, 4 weeks ago
@Erethon published on GitHub 4 months, 1 week ago

Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

Affected products

Sub-HandlesVia

<0.050002

Matching in nixpkgs

pkgs.perl538Packages.SubHandlesVia

Alternative handles_via implementation

nixos-unstable 0.050000
- nixpkgs-unstable 0.050000
- nixos-unstable-small 0.050000

pkgs.perl540Packages.SubHandlesVia

Alternative handles_via implementation

nixos-unstable 0.050000
- nixpkgs-unstable 0.050000
- nixos-unstable-small 0.050000

Nixpkgs Security Tracker

Details of issue NIXPKGS-2025-0012

Affected products

Matching in nixpkgs

pkgs.perl538Packages.SubHandlesVia

pkgs.perl540Packages.SubHandlesVia