CVE-2025-40912 — Vulnetix

CVE-2025-40912 PUBLISHED CVSS 9.800000190734863 CRITICAL

CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.

EPSS 0.41% · 62.0th percentile

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.41%

62.0th percentile

Affected Products

Vendor	Product	Versions
MIK	CryptX	0.002

Exploit Intelligence

CIRCL seen: CVE-2025-40912 (circl-sighting)
CIRCL seen: CVE-2025-40912 (circl-sighting)
https://github.com/libtom/libtomcrypt/issues/507 (circl)

Timeline

Jun 11, 2025 Coalition ESS Score
Jun 11, 2025 CVE Published
Jun 11, 2025 CVE Updated
Jun 11, 2025 PoC Published
Jun 12, 2025 EPSS Score
Jun 12, 2025 Coalition ESS Score
Jun 13, 2025 PoC Published
Jun 22, 2025 EPSS Score
Jul 3, 2025 EPSS Score
Jul 13, 2025 EPSS Score
Jul 24, 2025 EPSS Score
Aug 3, 2025 EPSS Score

References

https://github.com/libtom/libtomcrypt/issues/507 url
https://nvd.nist.gov/vuln/detail/CVE-2025-40912 advisory

Open in Interactive Console →