216.73.217.80

CVE-2025-40915

· Published 11/06/2025 17:15 · Modified 12/06/2025 16:06

Labels: CVE-2025-40915 2025-06-119b29abf9-4ab0-4765-b253-1875cd9b441eCVE-2025-40915CWE-338

Essential information

Published
11/06/2025 17:15
Modified
12/06/2025 16:06
Author
Creator
CVSS
7.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CVSS metrics

Description

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9b29abf9-4ab0-4765-b253-1875cd9b441e
NVD
View on NVD

Affected products (CPE)

ProductCPE
mojolicious / mojolicious plugin csr cpe:2.3:a:mojolicious:mojolicious_plugin_csr:1.03:*:*:*:*:*:*:*

References