CVE Catalog

CVE-2025-40910

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile - higher than 19% of all known CVEs

Summary

The vulnerability in Net::IP::LPM version 1.10 for Perl improperly handles leading zero characters in IP CIDR address strings, which could allow attackers to bypass IP-based access controls. Leading zeros are interpreted as octal notation, potentially confusing users.

Risk Assessment

The organization may face access control bypass if systems rely on IP address matching against allow/deny lists and an attacker uses an IP address with leading zeros.

Recommendation

Update the Net::IP::LPM library to the latest version that correctly handles leading zeros, or implement additional IP address validation before processing.

Original NVD description (English source)

Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS