How severe is CVE-2025-40906?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-40906?

This is classified as CWE-1104, which is a common weakness in software security.

CVE-2025-40906 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.

Related Vulnerabilities

CVE-2023-7102

CRITICAL

CVSS:9.8(Critical)

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 t...

CWE-11042023

CVE-2021-22142

HIGH

CVSS:8.8(High)

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbit...

CWE-11042021

CVE-2022-46871

HIGH

CVSS:8.8(High)

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.

CWE-11042022

CVE-2024-11999

HIGH

CVSS:8.8(High)

CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.

CWE-11042024

CVE-2023-7102

CRITICAL

CVSS:9.8(Critical)

CWE-11042023

CVE-2021-22142

HIGH

CVSS:8.8(High)

CWE-11042021