CVE-2025-30673

Publication date 1 April 2025

Last updated 1 April 2025

Ubuntu priority

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libsub-handlesvia-perl	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-30673
https://lists.security.metacpan.org/cve-announce/msg/28383041/
https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html
https://metacpan.org/dist/Sub-HandlesVia/changes#L12
https://metacpan.org/release/TOBYINK/Sub-HandlesVia-0.050001/source/lib/Sub/HandlesVia/Mite.pm#L114