CVE-2025-40929

MEDIUM

Cpanel::JSON::XS <4.40 - Buffer Overflow

Title source: llm

Description

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

References (5)

Core 5

Core References

Release Notes release-notes

https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes

Patch patch

https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch

Mailing List

https://lists.debian.org/debian-lts-announce/2025/09/msg00034.html

Mailing List

http://www.openwall.com/lists/oss-security/2025/09/08/1

Release Notes related

https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713

Scores

CVSS v3 5.6

EPSS 0.0006

EPSS Percentile 18.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-122

Status published

Products (1)

RURBAN/Cpanel::JSON::XS < 4.40

Published Sep 08, 2025

Tracked Since Feb 18, 2026