Description

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.

INFO

Published Date :

2025-09-09T19:50:18.518Z

Last Modified :

2025-09-10T20:14:26.393Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58758 vulnerability.

Vendors Products
Datahihi1
  • Tinyenv
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58758.

URL Resource
https://github.com/datahihi1/tiny-env/commit/69b7b885e6cfbf07f470fb3512360e0caa95521e cve-icon cve-icon
https://github.com/datahihi1/tiny-env/security/advisories/GHSA-3j7m-5g4q-gfpc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact