Home > Vulnerability Database > CVE-2025-40907

Mend.io Vulnerability Database

CVE-2025-40907

Date: May 16, 2025

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Severity Score

5.3

Related Resources (9)

Url: https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch

Url: http://www.openwall.com/lists/oss-security/2025/04/23/4

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-40907

Url: https://github.com/FastCGI-Archives/fcgi2/issues/67

Url: https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library

Url: https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5

Url: https://github.com/perl-catalyst/FCGI/issues/14

Url: https://security-tracker.debian.org/tracker/CVE-2025-40907

Url: https://www.mend.io/vulnerability-database/CVE-2025-40907

Severity Score

5.3

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Heap-based Buffer Overflow

CWE-122

Dependency on Vulnerable Third-Party Component

CWE-1395

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-40907

Date: May 16, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?