Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Local vector requiring symlink placement in the data directory or control of table names implies PR:L; high confidentiality and integrity from arbitrary file read/write, no availability impact.
Primary rating from Vendor (CPANSec).
CVSS VectorVendor: CPANSec
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
5DescriptionCVE.org
DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location.
The complete_table_name method builds the absolute table file path without checking whether the file is a symbolic link. A link inside the data directory can point to a table file at any path outside of the configured f_dir and f_dir_search directories.
Callers of file-based drivers can read or write files outside of the data directory.
AnalysisAI
Arbitrary file read/write in Perl's DBD::File before 1.651 lets callers of file-based DBI drivers escape the configured data directory via a symbolic link placed inside it. Because the complete_table_name method resolved the absolute table-file path without validating whether the entry was a symlink, a link within f_dir could point to any path on the filesystem, breaking the directory sandbox for both reads and writes. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the use of a file-based DBI driver built on DBD::File (e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, 7.7 High) reflects local access with high confidentiality and integrity impact and no availability impact, which matches a data-directory sandbox escape. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can write into a DBD::File data directory (or influence the table name a file-driver application opens) plants a symbolic link named like a table that points to a sensitive file such as /etc/passwd or an application config outside f_dir. When the application performs a SELECT or INSERT against that 'table,' DBD::File follows the link and reads or overwrites the external file with the process's privileges. … |
| Remediation | Vendor-released patch: upgrade DBI/DBD::File to version 1.651 or later, which adds an explicit symlink check in complete_table_name (commit 96d62dfe4528bf56fe13f413ed323d4252531728); this is the primary fix and is documented in advisory GHSA-mh3j-xwf4-jrqw and the release notes at https://metacpan.org/release/HMBRAND/DBI-1.651/changes. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all production and critical systems running Perl DBD::File and verify their network accessibility and data sensitivity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43727