Improper input validation in Datahihi1 Tiny-env
CVE-2025-58759
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables co…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.002 (9.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.
Affected products
- Datahihi1 Tiny-env — versions >= 1.0.9, < 1.0.11
- Datahihi1 Tinyenv
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2025-58759?
- CVE-2025-58759 is a medium-severity vulnerability in Datahihi1 Tiny-env, classified under Improper Input Validation. CVSS score: 5.1/10. Published 2025-09-09.
- How severe is CVE-2025-58759?
- Medium severity. CVSS v3 base score is 5.1 out of 10.