Linux Distros Unpatched Vulnerability : CVE-2025-40909

🗓️ 07 Aug 2025 00:00:00Reported by TenableType

Linux/Unix hosts may have unpatched CVE-2025-40909 allowing unintended file operations for attackers.

Reporter	Title	Published	Views	Family All 185
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	16 Jan 202614:25	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	10 Nov 202508:26	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to SQLite3 (CVE-2025-6965), pam_namespace (CVE-2025-6020), systemd-coredump (CVE-2025-4598) and Perl (CVE-2025-40909) packages shipped with IBM CICS TX Advanced.	9 Sep 202517:43	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Perl affects IBM Netezza Appliance	16 Dec 202510:38	–	ibm
IBM Security Bulletins	Security Bulletin:Vulnerability in Perl affects IBM Netezza Appliance	16 Jan 202608:32	–	ibm
IBM Security Bulletins	Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)	16 Sep 202515:06	–	ibm
Tenable Nessus	Amazon Linux 2023 : perl, perl-Attribute-Handlers, perl-AutoLoader (ALAS2023-2025-1007)	12 Jun 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : perl (ALAS-2025-2879)	12 Jun 202500:00	–	nessus
Tenable Nessus	Amazon Linux AMI : perl (ALAS-2025-1981)	9 Jun 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0126: perl (ALINUX3-SA-2025:0126)	6 Aug 202500:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2025-40909
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(244775);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/18");

  script_cve_id("CVE-2025-40909");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-40909");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Perl threads have a working directory race condition where file operations may target unintended paths. If
    a directory handle is open at thread creation, the process-wide current working directory is temporarily
    changed in order to clone that handle for the new thread, which is visible from any third (or more) thread
    already running. This may lead to unintended operations such as loading code or accessing files from
    unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit
    11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 (CVE-2025-40909)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-40909");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-40909");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "libcgi-fast-perl"},
          {"reference": "libperl-dev"},
          {"reference": "libperl5.18"},
          {"reference": "perl"},
          {"reference": "perl-base"},
          {"reference": "perl-debug"},
          {"reference": "perl-doc"},
          {"reference": "perl-modules"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "libperl-dev"},
          {"reference": "libperl5.22"},
          {"reference": "perl"},
          {"reference": "perl-base"},
          {"reference": "perl-debug"},
          {"reference": "perl-doc"},
          {"reference": "perl-modules-5.22"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "libperl-dev"},
          {"reference": "libperl5.26"},
          {"reference": "perl"},
          {"reference": "perl-base"},
          {"reference": "perl-debug"},
          {"reference": "perl-doc"},
          {"reference": "perl-modules-5.26"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "libperl-dev"},
          {"reference": "libperl5.30"},
          {"reference": "perl"},
          {"reference": "perl-base"},
          {"reference": "perl-debug"},
          {"reference": "perl-doc"},
          {"reference": "perl-modules-5.30"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

18 Apr 2026 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.15.9

EPSS0.00031

SSVC