๐Ÿ” CVE Alert

CVE-2025-40910

MEDIUM 6.5

Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses

CVSS Score
6.5
EPSS Score
0.3%
EPSS Percentile
19th

Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.

CWE CWE-1287
Vendor tpoder
Product net::ip::lpm
Published Jun 27, 2025
Last Updated Jul 3, 2026
Stay Ahead of the Next One

Get instant alerts for tpoder net::ip::lpm

Be the first to know when new medium vulnerabilities affecting tpoder net::ip::lpm are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

TPODER / Net::IP::LPM
1.10

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
metacpan.org: https://metacpan.org/release/TPODER/Net-IP-LPM-1.10/diff/TPODER/Net-IP-LPM-1.09/lib/Net/IP/LPM.pm blog.urth.org: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ security.metacpan.org: https://security.metacpan.org/patches/N/Net-IP-LPM/1.10/CVE-2025-40910-r1.patch rt.cpan.org: https://rt.cpan.org/Ticket/Display.html?id=179855