PT-2025-14018 · Mite · Mite

Published: 2025-04-01 · Updated: 2025-05-14 · CVE-2025-30672

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mite for Perl versions prior to 0.013000

Description

The issue allows for code injection via @INC path manipulation. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself and other distributions that contain code generated by Mite.

Recommendations

For versions prior to 0.013000, update to version 0.013000 or later to resolve the issue. As a temporary workaround, consider restricting access to the current working directory to minimize the risk of exploitation. Avoid using the @INC path in sensitive operations until the issue is resolved.
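
As a check for the condition described above, the following added example (not code from Mite or from this advisory) lists the @INC entries of the running Perl that resolve against the current working directory, and reports which directory would satisfy a `require` for a given module file. The function names `cwd_relative_inc_entries` and `first_match` are hypothetical, and the sample search list is constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: audit @INC for entries that depend on the current
# working directory. Helper names are hypothetical.
use strict;
use warnings;
use File::Spec;

# Return the search-path entries that are not absolute paths.
# References in @INC are loader hooks, not directories, so they are skipped.
sub cwd_relative_inc_entries {
    my @inc = @_;
    my @risky;
    for my $entry (@inc) {
        next if ref $entry;
        push @risky, $entry
            unless File::Spec->file_name_is_absolute($entry);
    }
    return @risky;
}

# Return the first file a search list yields for a module file such as
# "Foo/Bar.pm". The first directory that contains the file wins, so an
# early relative entry can shadow the installed copy.
sub first_match {
    my ($module_file, @inc) = @_;
    for my $dir (grep { !ref } @inc) {
        my $candidate = File::Spec->catfile($dir, $module_file);
        return $candidate if -f $candidate;
    }
    return;
}

# Constructed sample list: '.' and 'lib' are relative and get flagged.
my @sample = ('.', '/usr/local/lib/perl5', 'lib', sub { });
print "sample (constructed): flagged '$_'\n"
    for cwd_relative_inc_entries(@sample);

# Audit the interpreter this script is running under.
my @live = cwd_relative_inc_entries(@INC);
print "live \@INC: flagged '$_'\n" for @live;
print "live \@INC: no cwd-relative entries\n" unless @live;

# Optional argument: a module file to resolve, e.g. "Foo/Bar.pm".
my $module_file = @ARGV ? $ARGV[0] : 'strict.pm';
my $hit = first_match($module_file, @INC);
print "$module_file resolves to: ", (defined $hit ? $hit : '(not found)'), "\n";

# Non-zero exit lets a CI job fail when a relative entry is present.
exit(@live ? 1 : 0);
```

The script only inspects the @INC of the process it runs in, so entries that a module adds to @INC at load time appear only if that module is loaded first.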

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2025-30672

Affected Products

Mite