{"id":"CVE-2025-40908","details":"YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified","modified":"2026-04-16T04:37:10.747435428Z","published":"2025-06-01T14:15:21.113Z","related":["ALSA-2025:9329","ALSA-2025:9330","SUSE-RU-2025:03081-1","SUSE-SU-2025:01885-1","SUSE-SU-2025:01885-2","SUSE-SU-2025:01886-1","openSUSE-SU-2025:15261-1"],"references":[{"type":"REPORT","url":"https://github.com/ingydotnet/yaml-libyaml-pm/issues/120"},{"type":"FIX","url":"https://github.com/ingydotnet/yaml-libyaml-pm/pull/121"},{"type":"FIX","url":"https://github.com/ingydotnet/yaml-libyaml-pm/pull/122"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ingydotnet/yaml-libyaml-pm","events":[{"introduced":"0"},{"fixed":"21e6be95a3f9bf92c34ebbcf69feafe3a60bff5a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.903.0"}]}}],"versions":["0.34","0.35","0.36","0.37","0.38","0.39","0.40","0.41","0.42","0.43","0.44","0.45","0.46","0.47","0.48","0.49","0.50","0.51","0.52","0.53","0.54","0.55","0.56","0.57","0.58","0.59","0.60","0.61","0.62","0.62_001","0.62_002","0.63","0.63_001","0.63_002","0.64","0.65","0.66","0.66_001","0.66_002","0.67","0.67_001","0.68","0.68_001","0.68_002","0.69","0.69_001","0.70","0.72","0.72_01","0.74","0.75","0.75_001","0.76","0.77","0.77_001","0.78","0.78_001","0.78_002","0.79","0.79_001","0.80","0.81","0.82","0.82_001","0.83","0.84","0.85","0.86","0.87","0.88","0.88_001","0.89","0.90","chansen","v0.901.0","v0.902.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40908.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}