CVE-2025-40908 — Vulnetix

CVE-2025-40908 PUBLISHED

EPSS 0.37% · 59.3th percentile

Risk Scores

EPSS Score

0.37%

59.3th percentile

Affected Products

Vendor	Product	Versions
Amazon	perl-YAML-LibYAML

Exploit Intelligence

https://github.com/ingydotnet/yaml-libyaml-pm/issues/120 (nist-nvd)
CIRCL seen: CVE-2025-40908 (circl-sighting)
CIRCL seen: CVE-2025-40908 (circl-sighting)
CIRCL seen: CVE-2025-40908 (circl-sighting)
CIRCL seen: CVE-2025-40908 (circl-sighting)
CIRCL seen: CVE-2025-40908 (circl-sighting)
https://github.com/ingydotnet/yaml-libyaml-pm/pull/121 (circl)
https://github.com/ingydotnet/yaml-libyaml-pm/pull/122 (circl)

Timeline

Jan 21, 1970 Fix PR Merged
Jun 1, 2025 Coalition ESS Score
Jun 1, 2025 CVE Published
Jun 1, 2025 PoC Published
Jun 1, 2025 PoC Published
Jun 2, 2025 EPSS Score
Jun 2, 2025 Coalition ESS Score
Jun 2, 2025 CVE Updated
Jun 3, 2025 PoC Published
Jun 12, 2025 PoC Published
Jun 13, 2025 EPSS Score
Jun 24, 2025 EPSS Score

References

ALAS2023-2025-1036: perl-YAML-LibYAML (medium) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›