CVE-2025-58758 — MEDIUM (5.1)

Q: How severe is CVE-2025-58758?

CVE-2025-58758 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-58758?

Check the references section above for vendor advisories and patch information. Affected products include: Datahihi1 Tinyenv.

Vulnerability Description

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.

CVSS Score

5.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Datahihi1	Tinyenv	>= 1.0.1, < 1.0.3

Related Weaknesses (CWE)

CWE-703

References

FAQ

What is CVE-2025-58758?

CVE-2025-58758 is a vulnerability with a CVSS score of 5.1 (MEDIUM). TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This c...

How severe is CVE-2025-58758?

CVE-2025-58758 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-58758?

Check the references section above for vendor advisories and patch information. Affected products include: Datahihi1 Tinyenv.