What is CVE-2025-40929?

CVE-2025-40929 is a vulnerability in Rurban Cpanel::json::xs, classified under Heap-based Buffer Overflow. Published 2025-09-08.

Is CVE-2025-40929 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Rurban Cpanel::json::xs

CVE-2025-40929

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

Vulnerability class: Buffer Overflow

EPSS: 0.001 (25.9th percentile) — read the EPSS interpretation.

Affected products

Rurban Cpanel::json::xs — versions 0

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

Public proof-of-concept exploits

References

metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs (related)
metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes (release-notes)
github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f… (patch)

Frequently asked questions

What is CVE-2025-40929?: CVE-2025-40929 is a vulnerability in Rurban Cpanel::json::xs, classified under Heap-based Buffer Overflow. Published 2025-09-08.
Is CVE-2025-40929 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.