CVE-2025-40915

{"id": "CVE-2025-40915", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.2}]}, "published": "2025-06-11T17:15:42.793", "references": [{"url": "https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}, {"url": "https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "description": [{"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.\n\nThat version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function."}, {"lang": "es", "value": "Mojolicious::Plugin::CSRF 1.03 para Perl utiliza una fuente de n\u00fameros aleatorios d\u00e9bil para generar tokens CSRF. Esta versi\u00f3n del m\u00f3dulo genera tokens como un MD5 del ID del proceso, la hora actual y una \u00fanica llamada a la funci\u00f3n integrada rand()."}], "lastModified": "2025-06-12T16:06:20.180", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}