7.3

CVE-2025-58758

EPSS 0.04%
Veröffentlicht 09.09.2025 19:50:18
Zuletzt bearbeitet 08.10.2025 20:53:57
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Datahihi1 ≫ Tinyenv Version >= 1.0.1 < 1.0.3

Datahihi1 ≫ Tinyenv Version >= 1.0.9 < 1.0.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.111

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
security-advisories@github.com	5.1	2.5	2.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-703 Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

https://github.com/datahihi1/tiny-env/security/advisories/GHSA-3j7m-5g4q-gfpc

Vendor Advisory

https://github.com/datahihi1/tiny-env/commit/69b7b885e6cfbf07f470fb3512360e0caa95521e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-58758

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-58758

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-58758

EUVD