PT-2025-23035 · Unknown+1 · Net::Cidr::Set+2

Robert Rothenberg · Published 2025-05-27 · Updated 2025-05-28 · CVE-2025-40911

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Net::CIDR::Set versions 0.10 through 0.13
Description: The issue arises from the improper handling of leading zero characters in IP CIDR address strings, which can allow attackers to bypass IP-based access control. A leading zero is interpreted as indicating an octal number, which can confuse users who may intend either octal or decimal notation. The vulnerable code originates from Net::CIDR::Lite, which had a similar issue.
Recommendations: For Net::CIDR::Set versions 0.10 through 0.13, consider updating to a version that properly handles leading zero characters in IP CIDR address strings, to prevent a potential access control bypass. At the moment there is no information about a newer version that contains a fix for this vulnerability.
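The following added example (not code from Net::CIDR::Set or its authors) shows why the leading-zero ambiguity matters for an IP allow list and what a strict parser does instead: `parse_lenient` models the octal reading the advisory describes, `parse_strict` rejects any zero-padded octet rather than guessing, and `is_allowed` applies either reading to a constructed ACL. The regex, function names and sample addresses are assumptions made for this illustration.

```python
import ipaddress
import re

# Dotted quad with optional prefix length; octets are captured as raw digit
# strings so the two parsers below can disagree on what a leading zero means.
_CIDR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:/(\d{1,2}))?$")

def _split(cidr):
    m = _CIDR_RE.match(cidr)
    if not m:
        raise ValueError(f"not a dotted-quad CIDR: {cidr!r}")
    octets, prefix = m.groups()[:4], m.group(5)
    return octets, 32 if prefix is None else int(prefix)

def parse_lenient(cidr):
    """Octal-tolerant reading: an octet with a leading zero is taken as base 8,
    so '010' becomes 8. Models the ambiguity described in the advisory."""
    octets, prefix = _split(cidr)
    values = [int(o, 8) if len(o) > 1 and o[0] == "0" else int(o) for o in octets]
    return ipaddress.ip_network("%d.%d.%d.%d/%d" % (*values, prefix), strict=False)

def parse_strict(cidr):
    """Decimal-only reading that refuses ambiguous input: any octet with a
    leading zero (other than '0' itself) is rejected instead of guessed at."""
    octets, prefix = _split(cidr)
    for o in octets:
        if len(o) > 1 and o[0] == "0":
            raise ValueError(f"ambiguous leading zero in octet {o!r} of {cidr!r}")
        if int(o) > 255:
            raise ValueError(f"octet {o!r} out of range in {cidr!r}")
    if prefix > 32:
        raise ValueError(f"prefix /{prefix} out of range in {cidr!r}")
    return ipaddress.ip_network(".".join(octets) + f"/{prefix}", strict=False)

def is_allowed(acl, client_ip, parser):
    """True if client_ip falls inside any ACL entry as read by `parser`."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in parser(entry) for entry in acl)

if __name__ == "__main__":
    # Constructed sample: the operator meant 10.0.0.0/8 but wrote it zero-padded.
    acl = ["010.0.0.0/8"]
    print(parse_lenient(acl[0]))                        # 8.0.0.0/8
    print(is_allowed(acl, "10.1.2.3", parse_lenient))   # False: intended hosts locked out
    print(is_allowed(acl, "8.8.8.8", parse_lenient))    # True: unintended range admitted
    try:
        parse_strict(acl[0])
    except ValueError as err:
        print("rejected:", err)
```

Whichever base the operator intended, the octal reading silently admits or excludes a different /8 than the decimal one; refusing zero-padded octets at parse time turns that silent mismatch into a visible error.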

Weakness Enumeration

Related Identifiers: CVE-2025-40911

Affected Products: Debian, Net-Cidr-Lite, Net::Cidr::Set