What is CVE-2025-40911?

CVE-2025-40911 is a vulnerability in Rrwo Net::cidr::set, classified under CWE-1287. Published 2025-05-27.

Is CVE-2025-40911 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Rrwo Net::cidr::set

CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to…

EPSS: 0.003 (49.4th percentile) — read the EPSS interpretation.

Affected products

Rrwo Net::cidr::set — versions 0.10

Weakness classification (CWE)

CWE-1287

Public proof-of-concept exploits

References

metacpan.org/release/RRWO/Net-CIDR-Set-0.14/changes (release-notes)
github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab00… (patch)
blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ (related)

Frequently asked questions

What is CVE-2025-40911?: CVE-2025-40911 is a vulnerability in Rrwo Net::cidr::set, classified under CWE-1287. Published 2025-05-27.
Is CVE-2025-40911 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.