cvedb.io
CVE-2025-58758
MEDIUM · CVSS 5.1
EPSS exploitation probability: 0%
Published 2025-09-09T20:15:49.177 · Last modified 2026-06-17T09:44:53.230

Summary

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.

Affected products

datahihi1 — tinyenv

Does this affect you?

Add your gear to cvedb and we'll alert you only when datahihi1 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.