CVE-2025-40910
Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses
CVSS Score
6.5
EPSS Score
0.3%
EPSS Percentile
19th
Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
| CWE | CWE-1287 |
| Vendor | tpoder |
| Product | net::ip::lpm |
| Published | Jun 27, 2025 |
| Last Updated | Jul 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for tpoder net::ip::lpm
Be the first to know when new medium vulnerabilities affecting tpoder net::ip::lpm are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
TPODER / Net::IP::LPM
1.10
References
metacpan.org: https://metacpan.org/release/TPODER/Net-IP-LPM-1.10/diff/TPODER/Net-IP-LPM-1.09/lib/Net/IP/LPM.pm blog.urth.org: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ security.metacpan.org: https://security.metacpan.org/patches/N/Net-IP-LPM/1.10/CVE-2025-40910-r1.patch rt.cpan.org: https://rt.cpan.org/Ticket/Display.html?id=179855