What is CVE-2025-40914?

CVE-2025-40914 is a vulnerability in Mik Cryptx, classified under CWE-1395. Published 2025-06-11.

Is CVE-2025-40914 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mik Cryptx

CVE-2025-40914

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

EPSS: 0.005 (67.9th percentile) — read the EPSS interpretation.

Affected products

Mik Cryptx — versions 0.002

Weakness classification (CWE)

CWE-1395

Public proof-of-concept exploits

ARPSyndicate/cve-scores
lesis-lat/bunkai

References

www.cve.org/CVERecord
github.com/libtom/libtommath/pull/546
github.com/advisories/GHSA-j3xv-6967-cv88
metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c

Frequently asked questions

What is CVE-2025-40914?: CVE-2025-40914 is a vulnerability in Mik Cryptx, classified under CWE-1395. Published 2025-06-11.
Is CVE-2025-40914 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.