How to fix EUVD-2025-18140?

Within 24 hours: Identify all systems and applications using CryptX for Perl and document their versions; isolate or restrict network access to affected systems where possible. Within 7 days: Upgrade CryptX to version 0.065 or later on all non-production systems to validate compatibility; prepare change management for production deployment. Within 30 days: Complete upgrade of all production instances to CryptX 0.065 or later; verify through vulnerability scanning that the embedded tomcrypt library vulnerability (CVE-2019-17362) is fully remediated.

Is CryptX affected by EUVD-2025-18140?

CryptX for Perl versions prior to 0.065 contain a critical vulnerability (CVE-2025-40912, CVSS 9.8) that could allow attackers to execute arbitrary code through malformed unicode input.

CryptX EUVD-2025-18140

| CVE-2025-40912 CRITICAL

2025-06-11 9b29abf9-4ab0-4765-b253-1875cd9b441e

Information Disclosure

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 26, 2026 - 17:46 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 21:09 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:09 euvd

EUVD-2025-18140

CVE Published

Jun 11, 2025 - 18:15 nvd

CRITICAL 9.8

DescriptionNVD

CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.

CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.

AnalysisAI

A security vulnerability in CryptX (CVSS 9.8). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 9.8 indicates critical severity with likely remote exploitation vector. Affects CryptX.

RemediationAI

Apply the vendor-supplied patch immediately.

Vendor StatusVendor

Ubuntu

Priority: Medium

libcryptx-perl

Release	Status	Version
bionic	needs-triage	-
focal	needs-triage	-
jammy	not-affected	0.076-1build1
noble	not-affected	-
oracular	not-affected	-
plucky	not-affected	-
upstream	released	0.066-1
questing	not-affected	-

Debian

libcryptx-perl

Release	Status	Fixed Version	Urgency
bullseye	fixed	0.069-1	-
bookworm	fixed	0.077-1	-
trixie	fixed	0.085-1	-
forky, sid	fixed	0.087-1	-
(unstable)	fixed	0.066-1	-

EUVD-2025-18140 vulnerability details – vuln.today

Back

CryptX EUVD-2025-18140

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code