Description

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
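The token construction described above, shown beside a replacement that draws from the kernel CSPRNG. This is an added example, not the module's code or the 1.04 fix; the function names, the `:` separator and the use of `/dev/urandom` are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak pattern from the description: pid and clock are guessable, and rand()
# is not a cryptographic generator. MD5 adds no entropy to these inputs.
# The join order and ':' separator are assumptions, not the module's code.
sub weak_token {
    return md5_hex(join ':', $$, time, rand());
}

# Hardened form: 128 bits read from the kernel CSPRNG, hex encoded.
# Dies instead of falling back to rand() when the source is unavailable.
sub strong_token {
    my ($nbytes) = @_;
    $nbytes //= 16;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $nbytes) {
        my $got = read($fh, $buf, $nbytes - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close $fh;
    return unpack 'H*', $buf;
}

# Constructed demonstration: with the PRNG seed fixed, the weak token is a
# pure function of (pid, second), so it carries no secret of its own.
# Note: this reseeds the process-wide PRNG via srand().
sub weak_token_repeats {
    my $now = time;
    srand(42);
    my $first  = md5_hex(join ':', $$, $now, rand());
    srand(42);
    my $second = md5_hex(join ':', $$, $now, rand());
    return $first eq $second;
}

unless (caller) {
    printf "weak   : %s\n", weak_token();
    printf "strong : %s\n", strong_token();
    printf "weak token reproducible with known seed: %s\n",
        weak_token_repeats() ? 'yes' : 'no';
}
```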

PUBLISHED Reserved 2025-04-16 | Published 2025-06-11 | Updated 2025-06-11 | Assigner CPANSec

Problem types

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator

Product status

Default status: unaffected

1.03 (custom): affected

References

metacpan.org/...04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03

metacpan.org/...GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes

cve.org (CVE-2025-40915)

nvd.nist.gov (CVE-2025-40915)
