cvedb.io
CVE-2025-30672
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-04-01T02:15:16.390 · Last modified 2026-06-17T09:09:09.363

Summary

Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.