How severe is CVE-2025-40911?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2025-40911?

This is classified as CWE-1287, which is a common weakness in software security.

CVE-2025-40911 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation. Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.

Related Vulnerabilities

CVE-2021-20329

MEDIUM

CVSS:6.5(Medium)

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject ...

CWE-12872021

CVE-2021-47156

MEDIUM

CVSS:6.5(Medium)

The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access contro...

CWE-12872021

CVE-2023-32651

MEDIUM

CVSS:6.5(Medium)

Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable de...

CWE-12872023

CVE-2024-31948

MEDIUM

CVSS:6.5(Medium)

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

CWE-12872024

CVE-2024-54083

MEDIUM

CVSS:6.5(Medium)

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile)...

CWE-12872024

CVE-2025-1558

MEDIUM

CVSS:6.5(Medium)

Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a malici...

CWE-12872025