Closed
Description
The current trivy scan of NPM (trivy --scanners vuln image --ignore-unfixed -f table mcr.microsoft.com/containernetworking/azure-npm:v1.6.32) reveals the following CVE in the base Ubuntu image:
mcr.microsoft.com/containernetworking/azure-npm:v1.6.32 (ubuntu 24.04)
======================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
┌───────────┬────────────────┬──────────┬────────┬─────────────────────┬─────────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├───────────┼────────────────┼──────────┼────────┼─────────────────────┼─────────────────────┼────────────────────────────────────────────────────────────┤
│ perl-base │ CVE-2025-40909 │ MEDIUM │ fixed │ 5.38.2-3.2ubuntu0.1 │ 5.38.2-3.2ubuntu0.2 │ perl: Perl threads have a working directory race condition │
│ │ │ │ │ │ │ where file operations... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-40909 │
└───────────┴────────────────┴──────────┴────────┴─────────────────────┴─────────────────────┴────────────────────────────────────────────────────────────┘
Resolve this CVE for the release/v1.6 branch of NPM.