Description

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters (including # or comment text). Applications depending on strict environment values may expose logic errors, insecure defaults, or failed authentication. The issue is fixed in v1.0.11. Users should upgrade to the latest patched version. As a temporary workaround, avoid using inline comments in .env files, or sanitize loaded values manually.

INFO

Published Date :

2025-09-09T19:52:39.014Z

Last Modified :

2025-09-10T20:15:16.418Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58759 vulnerability.

Vendors Products
Datahihi1
  • Tinyenv
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58759.

URL Resource
https://github.com/datahihi1/tiny-env/security/advisories/GHSA-72cm-7236-h43r cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact