CVE-2025-58759

EPSS 0.14%
Veröffentlicht 09.09.2025 19:52:39
Zuletzt bearbeitet 08.10.2025 20:52:36
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters (including # or comment text). Applications depending on strict environment values may expose logic errors, insecure defaults, or failed authentication. The issue is fixed in v1.0.11. Users should upgrade to the latest patched version. As a temporary workaround, avoid using inline comments in .env files, or sanitize loaded values manually.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Datahihi1 ≫ Tinyenv Version >= 1.0.9 < 1.0.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.335

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
security-advisories@github.com	5.1	2.5	2.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/datahihi1/tiny-env/security/advisories/GHSA-72cm-7236-h43r

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-58759

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-58759

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-58759

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-58759