Improper input validation in Datahihi1 Tiny-env

CVE-2025-58759

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables co…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (9.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-58759?
CVE-2025-58759 is a medium-severity vulnerability in Datahihi1 Tiny-env, classified under Improper Input Validation. CVSS score: 5.1/10. Published 2025-09-09.
How severe is CVE-2025-58759?
Medium severity. CVSS v3 base score is 5.1 out of 10.