cve/2025/CVE-2025-40906.md

### [CVE-2025-40906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40906)
![](https://img.shields.io/static/v1?label=Product&message=BSON%3A%3AXS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1104%20Use%20of%20Unmaintained%20Third%20Party%20Components&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1395%20Dependency%20on%20Vulnerable%20Third-Party%20Component&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%20Integer%20Overflow%20or%20Wraparound&color=brightgreen)

### Description

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2025-40906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40906)`
			`![](https://img.shields.io/static/v1?label=Product&message=BSON%3A%3AXS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1104%20Use%20of%20Unmaintained%20Third%20Party%20Components&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1395%20Dependency%20on%20Vulnerable%20Third-Party%20Component&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%20Integer%20Overflow%20or%20Wraparound&color=brightgreen)`

			`### Description`

			`BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`