CVE-2025-58758

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: TinyEnv versions 1.0.1 through 1.0.2 TinyEnv versions 1.0.9 through 1.0.10

Description: TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations.

Recommendations: Upgrade to version 1.0.11 or later. Manually verify the existence of the .env file before initializing TinyEnv.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-703

Related Identifiers

CVE-2025-58758

GHSA-3J7M-5G4Q-GFPC

Affected Products

Tiny-Env

CVE-2025-58758

Weakness Enumeration

Related Identifiers

Affected Products

References · 11