CVE-2025-58758 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist wh…
Medium CVSS: 5.1

CVE-2025-58758

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.
Vendor
Datahihi1
Product
Tinyenv
CWE
CWE-703
Yayın Tarihi
2025-09-09 20:15:49
Güncelleme
2025-10-08 20:53:57
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-703 Tinyenv MEDIUM Datahihi1 2025

Referanslar

https://github.com/datahihi1/tiny-env/commit/69b7b885e6cfbf07f470fb3512360e0caa95521e https://github.com/datahihi1/tiny-env/security/advisories/GHSA-3j7m-5g4q-gfpc